RHSA-2023%3A7335
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhpam-7/rhpam-kieserver-rhel8@sha256:62a457fc1595ed3e534ef9c792cb2bdf3c1712642d370b450a2f341bdd118eda_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-kieserver-rhel8@sha256:62a457fc1595ed3e534ef9c792cb2bdf3c1712642d370b450a2f341bdd118eda_amd64 |
| Red Hat | rhpam-7/rhpam-operator-bundle@sha256:d5d8ae9b97b00623af7c4c85a15966bf4de7bc53b767634d6e8e33ba4167d9d3_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-operator-bundle@sha256:d5d8ae9b97b00623af7c4c85a15966bf4de7bc53b767634d6e8e33ba4167d9d3_amd64 |
| Red Hat | rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:878b83b28bf3b7dcfcb710c70ff06268477dddfa6a3df21b7dbe52f53ca3ca40_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:878b83b28bf3b7dcfcb710c70ff06268477dddfa6a3df21b7dbe52f53ca3ca40_amd64 |
| Red Hat | rhpam-7/rhpam-operator-bundle@sha256:d5d8ae9b97b00623af7c4c85a15966bf4de7bc53b767634d6e8e33ba4167d9d3_amd64 as a component of Middleware Containers for OpenShift | * |
| Red Hat | rhpam-7/rhpam-kogito-runtime-jvm-rhel8@sha256:ccb049dd64523e98d0e7a0f7cf99e2171f17917532f4d10ab5893b24c1b19698_ppc64le as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-kogito-runtime-jvm-rhel8@sha256:ccb049dd64523e98d0e7a0f7cf99e2171f17917532f4d10ab5893b24c1b19698_ppc64le |
| Red Hat | rhpam-7/rhpam-smartrouter-rhel8@sha256:91b1516edf464d7f67b9f97062629d0e1beb1c3023d94871db577c392a2df2a8_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-smartrouter-rhel8@sha256:91b1516edf464d7f67b9f97062629d0e1beb1c3023d94871db577c392a2df2a8_amd64 |
| Red Hat | rhpam-7/rhpam-kogito-rhel8-operator@sha256:6ea8b56d752f98a1dd48d8e91f00f49a8f40124b6ec4464209e2e8554de7c93e_ppc64le as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-kogito-rhel8-operator@sha256:6ea8b56d752f98a1dd48d8e91f00f49a8f40124b6ec4464209e2e8554de7c93e_ppc64le |
| Red Hat | rhpam-7/rhpam-kogito-rhel8-operator-bundle@sha256:4553c12fa6f1a41b098efb333ce15d062eeea289b2bed5b2fd3075f5d4bb8cc8_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-kogito-rhel8-operator-bundle@sha256:4553c12fa6f1a41b098efb333ce15d062eeea289b2bed5b2fd3075f5d4bb8cc8_amd64 |
| Red Hat | rhpam-7/rhpam-smartrouter-rhel8@sha256:91b1516edf464d7f67b9f97062629d0e1beb1c3023d94871db577c392a2df2a8_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-smartrouter-rhel8@sha256:91b1516edf464d7f67b9f97062629d0e1beb1c3023d94871db577c392a2df2a8_amd64 |
| Red Hat | rhpam-7/rhpam-dashbuilder-rhel8@sha256:b787d57beb85e6098033b8c26789d2cc7a29faf7463fa8607d962382752f0883_amd64 as a component of Middleware Containers for OpenShift | * |
| Red Hat | rhpam-7-tech-preview/rhpam-kogito-runtime-native-rhel8@sha256:f100720059d7a0d35ff776e5b928486708b420b7a70652e82b815e4dc654b1f5_amd64 as a component of Middleware Containers for OpenShift | rhpam-7-tech-preview/rhpam-kogito-runtime-native-rhel8@sha256:f100720059d7a0d35ff776e5b928486708b420b7a70652e82b815e4dc654b1f5_amd64 |
| Red Hat | rhpam-7/rhpam-kieserver-rhel8@sha256:62a457fc1595ed3e534ef9c792cb2bdf3c1712642d370b450a2f341bdd118eda_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-kieserver-rhel8@sha256:62a457fc1595ed3e534ef9c792cb2bdf3c1712642d370b450a2f341bdd118eda_amd64 |
| Red Hat | rhpam-7/rhpam-rhel8-operator@sha256:a7a20aed601d9a2ff38788dc773f821c1f68132de83fb1c36cc534a4f0d3468c_amd64 as a component of Middleware Containers for OpenShift | * |
| Red Hat | rhpam-7/rhpam-kogito-builder-rhel8@sha256:2caadb26d1a4ed774bdfa67664d11210b02a143b741cd4068b1654d51ed80c61_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-kogito-builder-rhel8@sha256:2caadb26d1a4ed774bdfa67664d11210b02a143b741cd4068b1654d51ed80c61_amd64 |
| Red Hat | rhpam-7/rhpam-kogito-rhel8-operator-bundle@sha256:056cc42012b5da9581c8d6f347a1693d6d3d904f76954fc1aafe12a6601994aa_ppc64le as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-kogito-rhel8-operator-bundle@sha256:056cc42012b5da9581c8d6f347a1693d6d3d904f76954fc1aafe12a6601994aa_ppc64le |
| Red Hat | rhpam-7-tech-preview/rhpam-kogito-runtime-native-rhel8@sha256:f100720059d7a0d35ff776e5b928486708b420b7a70652e82b815e4dc654b1f5_amd64 as a component of Middleware Containers for OpenShift | rhpam-7-tech-preview/rhpam-kogito-runtime-native-rhel8@sha256:f100720059d7a0d35ff776e5b928486708b420b7a70652e82b815e4dc654b1f5_amd64 |
| Red Hat | rhpam-7/rhpam-kogito-rhel8-operator@sha256:52c4c3483cbcd0552730311a21cd4f32902de01b0efbaca2420a96dae6ad6b59_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-kogito-rhel8-operator@sha256:52c4c3483cbcd0552730311a21cd4f32902de01b0efbaca2420a96dae6ad6b59_amd64 |
| Red Hat | rhpam-7/rhpam-controller-rhel8@sha256:c570297daff9ae813db39b27b4604f56cfcfa32a27e81d339da06dd33c13254f_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-controller-rhel8@sha256:c570297daff9ae813db39b27b4604f56cfcfa32a27e81d339da06dd33c13254f_amd64 |
| Red Hat | rhpam-7/rhpam-kogito-builder-rhel8@sha256:2caadb26d1a4ed774bdfa67664d11210b02a143b741cd4068b1654d51ed80c61_amd64 as a component of Middleware Containers for OpenShift | * |
| Red Hat | rhpam-7/rhpam-businesscentral-rhel8@sha256:52e746b99d6a15be91dc7c4e74fb0a58c27ca1d08151d456336e26b0cbcb54fe_amd64 as a component of Middleware Containers for OpenShift | rhpam-7/rhpam-businesscentral-rhel8@sha256:52e746b99d6a15be91dc7c4e74fb0a58c27ca1d08151d456336e26b0cbcb54fe_amd64 |
…and 16 more
Timeline
- Nov 16, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7335 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://issues.redhat.com/browse/RHPAM-4816 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7335.json advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit