VDB
DEBIAN-CVE-2023-44487
DEBIAN-CVE-2023-44487
PUBLISHED
CVSS 7.5 HIGH
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | haproxy | 0, 0, 0 |
| Debian:14 | jetty9 | 0, 0, 0 |
| Debian:11 | varnish | 7.6.0-1, 7.5.0-3, 6.5.2-1 |
| Debian:13 | nginx | 0, 0, 0 |
| Debian:14 | netty | 0, 0, 0 |
| Debian:11 | tomcat9 | *, 9.0.43-2~deb11u1, 9.0.43-1 |
| Debian:13 | tomcat10 | 0, 0, 0 |
| Debian:13 | tomcat9 | 0, 0, 0 |
| Debian:11 | netty | 0, *, 1:4.1.48-4+deb11u1 |
| Debian:12 | tomcat9 | 0, 0, 0 |
| Debian:11 | h2o | 2.2.5+dfsg2-6, 2.2.5+dfsg2-11, 2.2.5+dfsg2-10 |
| Debian:13 | netty | 0, 0, 0 |
| Debian:13 | grpc | 1.59.5-1, 1.59.5-1, 1.51.1-9 |
| Debian:14 | nginx | 0, 0, 0 |
| Debian:12 | nginx | 1.28.0-3, 1.28.0-4, 1.28.0-5 |
| Debian:14 | tomcat9 | 0, 0, 0 |
| Debian:14 | tomcat10 | 0, 0, 0 |
| Debian:13 | varnish | 0, 0, 0 |
| Debian:11 | dnsdist | 1.8.3-3, 1.8.2-1, 1.7.2-2 |
| Debian:11 | grpc | 1.30.2-4, 1.30.2-4, 1.30.2-4 |
…and 23 more
Exploit Intelligence
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
- Educational environment for LTAT.04.022 Homework 4. (github-poc-repo)
- Educational environment for LTAT.04.022 Homework 4. (github-poc)
- TYuan0816/cve-2023-44487 (github-poc-repo)
- sn130hk/CVE-2023-44487 (github-poc-repo)
- RapidResetClient (github-poc-repo)
- POC for CVE-2023-44487 (github-poc-repo)
- Demo for detection and mitigation of HTTP/2 Rapid Reset vulnerability (CVE-2023-44487) (github-poc-repo)
- A comprehensive Python testing tool for CVE-2023-44487, the HTTP/2 Rapid Reset vulnerability. This enhanced version provides granular control over testing parameters, multiple attack patterns, and advanced monitoring capabilities. (github-poc-repo)
…and 63 more exploits
Timeline
- Oct 10, 2023 CVE Published
- Apr 28, 2026 CVE Updated