OESA-2024-2403

Risk Scores

Affected Products

Exploit Intelligence

• HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
• HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
• Educational environment for LTAT.04.022 Homework 4. (github-poc-repo)
• Educational environment for LTAT.04.022 Homework 4. (github-poc)
• TYuan0816/cve-2023-44487 (github-poc-repo)
• sn130hk/CVE-2023-44487 (github-poc-repo)
• RapidResetClient (github-poc-repo)
• POC for CVE-2023-44487 (github-poc-repo)
• Demo for detection and mitigation of HTTP/2 Rapid Reset vulnerability (CVE-2023-44487) (github-poc-repo)
• A comprehensive Python testing tool for CVE-2023-44487, the HTTP/2 Rapid Reset vulnerability. This enhanced version provides granular control over testing parameters, multiple attack patterns, and advanced monitoring capabilities. (github-poc-repo)

…and 66 more exploits

Timeline

• Nov 15, 2024 CVE Published
• Sep 3, 2025 CVE Updated
• May 2, 2026 Security Advisory
• May 2, 2026 Security Advisory
• May 2, 2026 Security Advisory
• May 2, 2026 Security Advisory
• May 2, 2026 Security Advisory
• May 2, 2026 Security Advisory
• May 2, 2026 Security Advisory

References

• https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2403 advisory
• https://nvd.nist.gov/vuln/detail/CVE-2021-43980 advisory
• https://nvd.nist.gov/vuln/detail/CVE-2022-25762 advisory
• https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
• https://nvd.nist.gov/vuln/detail/CVE-2023-46589 advisory
• https://nvd.nist.gov/vuln/detail/CVE-2024-23672 advisory
• https://nvd.nist.gov/vuln/detail/CVE-2024-24549 advisory
• https://nvd.nist.gov/vuln/detail/CVE-2024-34750 advisory