VOOZH about

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-44487

⇱ NVD - CVE-2023-44487

  1. Vulnerabilities

CVE-2023-44487 Detail

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://www.openwall.com/lists/oss-security/2023/10/10/6 MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/10/7 MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/13/4 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/13/9 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/18/4 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/18/8 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/19/6 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/20/8 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2025/08/13/6 CVE Third Party Advisory 
https://access.redhat.com/security/cve/cve-2023-44487 CVE, MITRE Vendor Advisory 
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ CVE, MITRE Press/Media Coverage  Third Party Advisory 
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ CVE, MITRE Third Party Advisory 
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ CVE, MITRE Technical Description  Vendor Advisory 
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ CVE, MITRE Third Party Advisory  Vendor Advisory 
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ CVE, MITRE Vendor Advisory 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack CVE, MITRE Press/Media Coverage  Third Party Advisory 
https://blog.vespa.ai/cve-2023-44487/ CVE, MITRE Vendor Advisory 
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 CVE, MITRE Issue Tracking  Third Party Advisory 
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 CVE, MITRE Issue Tracking  Vendor Advisory 
https://bugzilla.suse.com/show_bug.cgi?id=1216123 CVE, MITRE Issue Tracking  Vendor Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-082556.html siemens-SADP Third Party Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-341067.html siemens-SADP Third Party Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-784301.html siemens-SADP Third Party Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-832273.html siemens-SADP Third Party Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-915275.html siemens-SADP Third Party Advisory 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 CVE, MITRE Mailing List  Patch  Vendor Advisory 
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ CVE, MITRE Technical Description  Vendor Advisory 
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack CVE, MITRE Technical Description  Vendor Advisory 
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 CVE, MITRE Vendor Advisory 
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 CVE, MITRE Third Party Advisory 
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve CVE, MITRE Broken Link 
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 CVE, MITRE Vendor Advisory 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 CVE, MITRE Issue Tracking  Patch 
https://github.com/Azure/AKS/issues/3947 CVE, MITRE Issue Tracking 
https://github.com/Kong/kong/discussions/11741 CVE, MITRE Issue Tracking 
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 CVE, MITRE Vendor Advisory 
https://github.com/advisories/GHSA-vx74-f528-fxqg CVE, MITRE Mitigation  Patch  Vendor Advisory 
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p CVE, MITRE Patch  Vendor Advisory 
https://github.com/akka/akka-http/issues/4323 CVE, MITRE Issue Tracking 
https://github.com/alibaba/tengine/issues/1872 CVE, MITRE Issue Tracking 
https://github.com/apache/apisix/issues/10320 CVE, MITRE Issue Tracking 
https://github.com/apache/httpd-site/pull/10 CVE, MITRE Issue Tracking 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 CVE, MITRE Product 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 CVE, MITRE Product  Third Party Advisory 
https://github.com/apache/trafficserver/pull/10564 CVE, MITRE Issue Tracking  Patch 
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 CVE, MITRE Vendor Advisory 
https://github.com/bcdannyboy/CVE-2023-44487 CVE, MITRE Third Party Advisory 
https://github.com/caddyserver/caddy/issues/5877 CVE, MITRE Issue Tracking  Vendor Advisory 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 CVE, MITRE Release Notes  Third Party Advisory 
https://github.com/dotnet/announcements/issues/277 CVE, MITRE Issue Tracking  Mitigation  Vendor Advisory 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 CVE, MITRE Product  Release Notes 
https://github.com/eclipse/jetty.project/issues/10679 CVE, MITRE Issue Tracking 
https://github.com/envoyproxy/envoy/pull/30055 CVE, MITRE Issue Tracking  Patch 
https://github.com/etcd-io/etcd/issues/16740 CVE, MITRE Issue Tracking  Patch 
https://github.com/facebook/proxygen/pull/466 CVE, MITRE Issue Tracking  Patch 
https://github.com/golang/go/issues/63417 CVE, MITRE Issue Tracking 
https://github.com/grpc/grpc-go/pull/6703 CVE, MITRE Issue Tracking  Patch 
https://github.com/grpc/grpc/releases/tag/v1.59.2 MITRE Mailing List 
https://github.com/h2o/h2o/pull/3291 CVE, MITRE Issue Tracking  Patch 
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf CVE, MITRE Vendor Advisory 
https://github.com/haproxy/haproxy/issues/2312 CVE, MITRE Issue Tracking 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 CVE, MITRE Product 
https://github.com/junkurihara/rust-rpxy/issues/97 CVE, MITRE Issue Tracking 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 CVE, MITRE Patch 
https://github.com/kazu-yamamoto/http2/issues/93 CVE, MITRE Issue Tracking 
https://github.com/kubernetes/kubernetes/pull/121120 CVE, MITRE Issue Tracking  Patch 
https://github.com/line/armeria/pull/5232 CVE, MITRE Issue Tracking  Patch 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 CVE, MITRE Patch 
https://github.com/micrictor/http2-rst-stream CVE, MITRE Exploit  Third Party Advisory 
https://github.com/microsoft/CBL-Mariner/pull/6381 CVE, MITRE Issue Tracking  Patch 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 CVE, MITRE Patch 
https://github.com/nghttp2/nghttp2/pull/1961 CVE, MITRE Issue Tracking  Patch 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 CVE, MITRE Release Notes 
https://github.com/ninenines/cowboy/issues/1615 CVE, MITRE Issue Tracking 
https://github.com/nodejs/node/pull/50121 CVE, MITRE Issue Tracking 
https://github.com/openresty/openresty/issues/930 CVE, MITRE Issue Tracking 
https://github.com/opensearch-project/data-prepper/issues/3474 CVE, MITRE Issue Tracking  Patch 
https://github.com/oqtane/oqtane.framework/discussions/3367 CVE, MITRE Issue Tracking 
https://github.com/projectcontour/contour/pull/5826 CVE, MITRE Issue Tracking  Patch 
https://github.com/tempesta-tech/tempesta/issues/1986 CVE, MITRE Issue Tracking 
https://github.com/varnishcache/varnish-cache/issues/3996 CVE, MITRE Issue Tracking 
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo CVE, MITRE Mailing List  Release Notes  Vendor Advisory 
https://istio.io/latest/news/security/istio-security-2023-004/ CVE, MITRE Vendor Advisory 
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ CVE, MITRE Vendor Advisory 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html CVE, MITRE Mailing List  Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html CVE, MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ CVE Mailing List  Third Party Advisory 
https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ MITRE Mailing List 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html CVE, MITRE Mailing List  Third Party Advisory 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html CVE, MITRE Mailing List  Patch  Third Party Advisory 
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html CVE, MITRE Third Party Advisory 
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ CVE, MITRE Patch  Vendor Advisory 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 CVE, MITRE Mitigation  Patch  Vendor Advisory 
https://my.f5.com/manage/s/article/K000137106 CVE, MITRE Vendor Advisory 
https://netty.io/news/2023/10/10/4-1-100-Final.html CVE, MITRE Release Notes  Vendor Advisory 
https://news.ycombinator.com/item?id=37830987 CVE, MITRE Issue Tracking 
https://news.ycombinator.com/item?id=37830998 CVE, MITRE Issue Tracking  Press/Media Coverage 
https://news.ycombinator.com/item?id=37831062 CVE, MITRE Issue Tracking 
https://news.ycombinator.com/item?id=37837043 CVE, MITRE Issue Tracking 
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ CVE, MITRE Third Party Advisory 
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected CVE, MITRE Third Party Advisory 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ MITRE Vendor Advisory 
https://security.gentoo.org/glsa/202311-09 CVE, MITRE Third Party Advisory 
https://security.netapp.com/advisory/ntap-20231016-0001/ CVE, MITRE Third Party Advisory 
https://security.netapp.com/advisory/ntap-20240426-0007/ CVE, MITRE Third Party Advisory 
https://security.netapp.com/advisory/ntap-20240621-0006/ CVE, MITRE Exploit  Third Party Advisory 
https://security.netapp.com/advisory/ntap-20240621-0007/ CVE, MITRE Third Party Advisory 
https://security.paloaltonetworks.com/CVE-2023-44487 CVE, MITRE Vendor Advisory 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 CVE, MITRE Release Notes 
https://ubuntu.com/security/CVE-2023-44487 CVE, MITRE Vendor Advisory 
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ CVE, MITRE Third Party Advisory 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487 CISA-ADP US Government Resource 
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 CVE, MITRE Third Party Advisory  US Government Resource 
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event CVE, MITRE Press/Media Coverage  Third Party Advisory 
https://www.debian.org/security/2023/dsa-5521 CVE, MITRE Mailing List  Vendor Advisory 
https://www.debian.org/security/2023/dsa-5522 CVE, MITRE Mailing List  Vendor Advisory 
https://www.debian.org/security/2023/dsa-5540 CVE, MITRE Mailing List  Third Party Advisory 
https://www.debian.org/security/2023/dsa-5549 CVE, MITRE Mailing List  Third Party Advisory 
https://www.debian.org/security/2023/dsa-5558 CVE, MITRE Mailing List  Third Party Advisory 
https://www.debian.org/security/2023/dsa-5570 CVE, MITRE Third Party Advisory 
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 CVE, MITRE Third Party Advisory  Vendor Advisory 
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ CVE, MITRE Vendor Advisory 
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ CVE, MITRE Mitigation  Vendor Advisory 
https://www.openwall.com/lists/oss-security/2023/10/10/6 CVE, MITRE Mailing List  Third Party Advisory 
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack CVE, MITRE Press/Media Coverage 
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ CVE, MITRE Press/Media Coverage  Third Party Advisory 
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause CVE Third Party Advisory 

This CVE is in CISA's Known Exploited Vulnerabilities Catalog

Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Vulnerability Name Date Added Due Date Required Action
HTTP/2 Rapid Reset Attack Vulnerability 10/10/2023 10/31/2023 Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-noinfo Insufficient Information 👁 cwe source acceptance level
NIST  
CWE-400 Uncontrolled Resource Consumption CISA-ADP  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

83 change records found show changes

CVE Modified by siemens-SADP 6/17/2026 2:27:44 AM

Action Type Old Value New Value
Added Affected 
[{"vendor":"Siemens","product":"RUGGEDCOM APE1808","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","defaultStatus":"unknown","versions":[{"version":"V3.1.5","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","defaultStatus":"unknown","versions":[{"version":"V3.1.5","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","defaultStatus":"unknown","versions":[{"version":"V3.1.5","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","defaultStatus":"unknown","versions":[{"version":"V3.1.5","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SINEC NMS","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V3.0","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","defaultStatus":"unknown","versions":[{"version":"V3.1.5","lessThan":"*","versionType":"custom","status":"affected"}]}]

CVE Modified by CISA-ADP 6/17/2026 2:27:44 AM

Action Type Old Value New Value
Added Affected 
[{"vendor":"ietf","product":"http","defaultStatus":"unknown","cpes":["cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"],"versions":[{"version":"2.0","status":"affected"}]}]
Added SSVC 
{"timestamp":"2024-07-23T20:34:21.334116Z","id":"CVE-2023-44487","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

CVE Modified by MITRE 6/17/2026 2:27:44 AM

Action Type Old Value New Value
Added Affected 
[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]

Reanalysis by NIST 5/12/2026 11:10:32 AM

Action Type Old Value New Value
Changed CPE Configuration 
AND
 OR
 *cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn/dp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn/dp:-:*:*:*:*:*:*:*


 
AND
 OR
 *cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn/dp:-:*:*:*:*:*:*:*
Changed CPE Configuration 
AND
 OR
 *cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp:-:*:*:*:*:*:*:*


 
AND
 OR
 *cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp_mfp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp_mfp:-:*:*:*:*:*:*:*
Changed CPE Configuration 
AND
 OR
 *cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp:-:*:*:*:*:*:*:*


 
AND
 OR
 *cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp_mfp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp_mfp:-:*:*:*:*:*:*:*
Changed CPE Configuration 
AND
 OR
 *cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn/dp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn/dp:-:*:*:*:*:*:*:*


 
AND
 OR
 *cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn/dp_mfp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn/dp_mfp:-:*:*:*:*:*:*:*
Changed CPE Configuration 
AND
 OR
 *cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn/dp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn/dp:-:*:*:*:*:*:*:*


 
AND
 OR
 *cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn/dp_mfp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn/dp_mfp:-:*:*:*:*:*:*:*

Modified Analysis by NIST 5/12/2026 10:25:25 AM

Action Type Old Value New Value
Added CPE Configuration 
AND
 OR
 *cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*
 OR
 cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*
Added CPE Configuration 
AND
 OR
 *cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn/dp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn/dp:-:*:*:*:*:*:*:*
Added CPE Configuration 
AND
 OR
 *cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn/dp:-:*:*:*:*:*:*:*
Added CPE Configuration 
AND
 OR
 *cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn/dp_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1.5 
 OR
 cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn/dp:-:*:*:*:*:*:*:*
Added CPE Configuration 
OR
 *cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
 *cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:* versions up to (excluding) 1.0
 *cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
 *cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*
 *cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*
 *cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:* versions up to (excluding) 3.0
 *cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2:*:*:*:*:*:*
 *cpe:2.3:a:siemens:st7_scadaconnect:*:*:*:*:*:*:*:* versions up to (excluding) 1.1
Added Reference Type 
siemens-SADP: https://cert-portal.siemens.com/productcert/html/ssa-082556.html Types: Third Party Advisory
Added Reference Type 
siemens-SADP: https://cert-portal.siemens.com/productcert/html/ssa-341067.html Types: Third Party Advisory
Added Reference Type 
siemens-SADP: https://cert-portal.siemens.com/productcert/html/ssa-784301.html Types: Third Party Advisory
Added Reference Type 
siemens-SADP: https://cert-portal.siemens.com/productcert/html/ssa-832273.html Types: Third Party Advisory
Added Reference Type 
siemens-SADP: https://cert-portal.siemens.com/productcert/html/ssa-915275.html Types: Third Party Advisory

CVE Modified by siemens-SADP 5/12/2026 7:16:13 AM

Action Type Old Value New Value
Added Reference 
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Added Reference 
https://cert-portal.siemens.com/productcert/html/ssa-341067.html
Added Reference 
https://cert-portal.siemens.com/productcert/html/ssa-784301.html
Added Reference 
https://cert-portal.siemens.com/productcert/html/ssa-832273.html
Added Reference 
https://cert-portal.siemens.com/productcert/html/ssa-915275.html

Modified Analysis by NIST 11/07/2025 2:00:41 PM

Action Type Old Value New Value
Added Reference Type 
CVE: http://www.openwall.com/lists/oss-security/2025/08/13/6 Types: Third Party Advisory

CVE Modified by CVE 11/04/2025 5:15:54 PM

Action Type Old Value New Value
Added Reference 
http://www.openwall.com/lists/oss-security/2025/08/13/6

Modified Analysis by NIST 10/31/2025 10:38:33 AM

Action Type Old Value New Value
Added Reference Type 
CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487 Types: US Government Resource

CVE Modified by CISA-ADP 10/21/2025 7:16:11 PM

Action Type Old Value New Value
Added Reference 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487

CVE Modified by CISA-ADP 10/21/2025 4:19:41 PM

Action Type Old Value New Value
Removed Reference 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487

CVE Modified by CISA-ADP 10/21/2025 3:20:18 PM

Action Type Old Value New Value
Added Reference 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487

Modified Analysis by NIST 6/11/2025 1:29:54 PM

Action Type Old Value New Value
Changed CPE Configuration Record truncated, showing 2048 of 3266 characters.
View Entire Change Record
AND
 OR
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3(1) up to (excluding) 10.3(5)
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2(7)
 OR
 cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*
 cpe:2.
 Record truncated, showing 2048 of 3375 characters.
View Entire Change Record
AND
 OR
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3(1) up to (excluding) 10.3(5)
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2(7)
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.4(1) up to (excluding) 10.4(2)
 OR
 cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*
 cpe:2.3:h:c
Changed CPE Configuration Record truncated, showing 2048 of 6030 characters.
View Entire Change Record
AND
 OR
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3(1) up to (excluding) 10.3(5)
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2(7)
 OR
 cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9336pq_aci_spin
 Record truncated, showing 2048 of 6139 characters.
View Entire Change Record
AND
 OR
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3(1) up to (excluding) 10.3(5)
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2(7)
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.4(1) up to (excluding) 10.4(2)
 OR
 cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
Changed CPE Configuration Record truncated, showing 2048 of 2721 characters.
View Entire Change Record
OR
 *cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* versions up to (excluding) 3.10.4
 *cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:* versions up to (excluding) 2.19.2
 *cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:* versions up to (excluding) 2.2.0
 *cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* versions up to (excluding) 7.4.2
 *cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:* versions up to (excluding) 1.22
 *cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* versions up to (excluding) 17.15.1
 *cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 11.2
 *cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 7.2.1
 *cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 9.3.3
 *cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:* versions up to (excluding) 4.11.0
 *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.11.2
 *cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0
 *cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.3
 *cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3
 *cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:* versions up to (excluding) 11.1
 *cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3
 *cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:* versions up to (excluding) 12.6.2
 *cpe:2.3:a:cisc
 Record truncated, showing 2048 of 2956 characters.
View Entire Change Record
OR
 *cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* versions up to (excluding) 3.10.4
 *cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:* versions up to (excluding) 2.19.2
 *cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:* versions up to (excluding) 2.2.0
 *cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* versions up to (excluding) 7.4.2
 *cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:* versions up to (excluding) 1.22
 *cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* versions up to (excluding) 17.15.1
 *cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 11.2
 *cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 7.2.1
 *cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 9.3.3
 *cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:* versions up to (excluding) 4.11.0
 *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.11.2
 *cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0
 *cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.3
 *cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3
 *cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:* versions up to (excluding) 11.1
 *cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3
 *cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:* versions up to (excluding) 12.6.2
 *cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*
Changed CPE Configuration 
OR
 *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 18.0.0 up to (excluding) 18.18.2
 *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 20.0.0 up to (excluding) 20.8.1


 
OR
 *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 20.0.0 up to (excluding) 20.8.1
 *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 18.0.0 up to (excluding) 18.18.2
Changed Reference Type 
CVE: https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Types: Technical Description, Third Party Advisory


 
CVE: https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Types: Broken Link
Changed Reference Type 
MITRE: https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Types: Technical Description, Third Party Advisory


 
MITRE: https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Types: Broken Link
Added Reference Type 
MITRE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ Types: Vendor Advisory

CVE Modified by MITRE 6/07/2025 4:15:21 PM

Action Type Old Value New Value
Added Reference 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ

CVE CISA KEV Update by Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 4/11/2025 9:00:02 PM

Action Type Old Value New Value
Changed Required Action 
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.


 
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Modified Analysis by NIST 4/03/2025 4:26:45 PM

Action Type Old Value New Value
Changed Reference Type 
CVE: http://www.openwall.com/lists/oss-security/2023/10/20/8 Types: Mailing List


 
CVE: http://www.openwall.com/lists/oss-security/2023/10/20/8 Types: Mailing List, Third Party Advisory
Changed Reference Type 
MITRE: http://www.openwall.com/lists/oss-security/2023/10/20/8 Types: Mailing List


 
MITRE: http://www.openwall.com/lists/oss-security/2023/10/20/8 Types: Mailing List, Third Party Advisory
Added Reference Type 
MITRE: http://www.openwall.com/lists/oss-security/2023/10/10/6 Types: Mailing List, Third Party Advisory
Added Reference Type 
MITRE: http://www.openwall.com/lists/oss-security/2023/10/10/7 Types: Mailing List, Third Party Advisory
Added Reference Type 
MITRE: https://github.com/grpc/grpc/releases/tag/v1.59.2 Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Types: Mailing List
Added Reference Type 
MITRE: https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Types: Mailing List

CVE Modified by MITRE 3/07/2025 2:15:36 PM

Action Type Old Value New Value
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/10/6
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/10/7
Added Reference 
https://github.com/grpc/grpc/releases/tag/v1.59.2
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
Removed Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Types: Mailing List
Removed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Types: Mailing List, Third Party Advisory

Modified Analysis by NIST 12/20/2024 12:40:53 PM

Action Type Old Value New Value
Changed Reference Type 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory


 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Patch
Changed Reference Type 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory


 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Patch
Changed Reference Type 
https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory


 
https://github.com/Azure/AKS/issues/3947 Issue Tracking
Changed Reference Type 
https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory


 
https://github.com/Azure/AKS/issues/3947 Issue Tracking
Changed Reference Type 
https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory


 
https://github.com/Kong/kong/discussions/11741 Issue Tracking
Changed Reference Type 
https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory


 
https://github.com/Kong/kong/discussions/11741 Issue Tracking
Changed Reference Type 
https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch, Vendor Advisory


 
https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch
Changed Reference Type 
https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch, Vendor Advisory


 
https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch
Changed Reference Type 
https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory


 
https://github.com/akka/akka-http/issues/4323 Issue Tracking
Changed Reference Type 
https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory


 
https://github.com/akka/akka-http/issues/4323 Issue Tracking
Changed Reference Type 
https://github.com/alibaba/tengine/issues/1872 Issue Tracking, Vendor Advisory


 
https://github.com/alibaba/tengine/issues/1872 Issue Tracking
Changed Reference Type 
https://github.com/alibaba/tengine/issues/1872 Issue Tracking, Vendor Advisory


 
https://github.com/alibaba/tengine/issues/1872 Issue Tracking
Changed Reference Type 
https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory


 
https://github.com/apache/apisix/issues/10320 Issue Tracking
Changed Reference Type 
https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory


 
https://github.com/apache/apisix/issues/10320 Issue Tracking
Changed Reference Type 
https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory


 
https://github.com/apache/httpd-site/pull/10 Issue Tracking
Changed Reference Type 
https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory


 
https://github.com/apache/httpd-site/pull/10 Issue Tracking
Changed Reference Type 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product, Third Party Advisory


 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product
Changed Reference Type 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product, Third Party Advisory


 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product
Changed Reference Type 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory


 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product
Changed Reference Type 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory


 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product
Changed Reference Type 
https://github.com/apache/trafficserver/pull/10564 Patch, Vendor Advisory


 
https://github.com/apache/trafficserver/pull/10564 Issue Tracking, Patch
Changed Reference Type 
https://github.com/apache/trafficserver/pull/10564 Patch, Vendor Advisory


 
https://github.com/apache/trafficserver/pull/10564 Issue Tracking, Patch
Changed Reference Type 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes, Vendor Advisory


 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Release Notes
Changed Reference Type 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes, Vendor Advisory


 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Release Notes
Changed Reference Type 
https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking, Vendor Advisory


 
https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking
Changed Reference Type 
https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking, Vendor Advisory


 
https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking
Changed Reference Type 
https://github.com/envoyproxy/envoy/pull/30055 Patch, Vendor Advisory


 
https://github.com/envoyproxy/envoy/pull/30055 Issue Tracking, Patch
Changed Reference Type 
https://github.com/envoyproxy/envoy/pull/30055 Patch, Vendor Advisory


 
https://github.com/envoyproxy/envoy/pull/30055 Issue Tracking, Patch
Changed Reference Type 
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch, Vendor Advisory


 
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch
Changed Reference Type 
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch, Vendor Advisory


 
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch
Changed Reference Type 
https://github.com/facebook/proxygen/pull/466 Patch, Vendor Advisory


 
https://github.com/facebook/proxygen/pull/466 Issue Tracking, Patch
Changed Reference Type 
https://github.com/facebook/proxygen/pull/466 Patch, Vendor Advisory


 
https://github.com/facebook/proxygen/pull/466 Issue Tracking, Patch
Changed Reference Type 
https://github.com/golang/go/issues/63417 Issue Tracking, Vendor Advisory


 
https://github.com/golang/go/issues/63417 Issue Tracking
Changed Reference Type 
https://github.com/golang/go/issues/63417 Issue Tracking, Vendor Advisory


 
https://github.com/golang/go/issues/63417 Issue Tracking
Changed Reference Type 
https://github.com/grpc/grpc-go/pull/6703 Patch, Vendor Advisory


 
https://github.com/grpc/grpc-go/pull/6703 Issue Tracking, Patch
Changed Reference Type 
https://github.com/grpc/grpc-go/pull/6703 Patch, Vendor Advisory


 
https://github.com/grpc/grpc-go/pull/6703 Issue Tracking, Patch
Changed Reference Type 
https://github.com/h2o/h2o/pull/3291 Patch, Third Party Advisory


 
https://github.com/h2o/h2o/pull/3291 Issue Tracking, Patch
Changed Reference Type 
https://github.com/h2o/h2o/pull/3291 Patch, Third Party Advisory


 
https://github.com/h2o/h2o/pull/3291 Issue Tracking, Patch
Changed Reference Type 
https://github.com/haproxy/haproxy/issues/2312 Issue Tracking, Vendor Advisory


 
https://github.com/haproxy/haproxy/issues/2312 Issue Tracking
Changed Reference Type 
https://github.com/haproxy/haproxy/issues/2312 Issue Tracking, Vendor Advisory


 
https://github.com/haproxy/haproxy/issues/2312 Issue Tracking
Changed Reference Type 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product, Vendor Advisory


 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product
Changed Reference Type 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product, Vendor Advisory


 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product
Changed Reference Type 
https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory


 
https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking
Changed Reference Type 
https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory


 
https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking
Changed Reference Type 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch, Third Party Advisory


 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
Changed Reference Type 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch, Third Party Advisory


 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
Changed Reference Type 
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking, Third Party Advisory


 
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking
Changed Reference Type 
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking, Third Party Advisory


 
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking
Changed Reference Type 
https://github.com/kubernetes/kubernetes/pull/121120 Patch, Vendor Advisory


 
https://github.com/kubernetes/kubernetes/pull/121120 Issue Tracking, Patch
Changed Reference Type 
https://github.com/kubernetes/kubernetes/pull/121120 Patch, Vendor Advisory


 
https://github.com/kubernetes/kubernetes/pull/121120 Issue Tracking, Patch
Changed Reference Type 
https://github.com/line/armeria/pull/5232 Issue Tracking, Patch, Vendor Advisory


 
https://github.com/line/armeria/pull/5232 Issue Tracking, Patch
Changed Reference Type 
https://github.com/line/armeria/pull/5232 Issue Tracking, Patch, Vendor Advisory


 
https://github.com/line/armeria/pull/5232 Issue Tracking, Patch
Changed Reference Type 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory


 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Patch
Changed Reference Type 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory


 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Patch
Changed Reference Type 
https://github.com/microsoft/CBL-Mariner/pull/6381 Patch, Vendor Advisory


 
https://github.com/microsoft/CBL-Mariner/pull/6381 Issue Tracking, Patch
Changed Reference Type 
https://github.com/microsoft/CBL-Mariner/pull/6381 Patch, Vendor Advisory


 
https://github.com/microsoft/CBL-Mariner/pull/6381 Issue Tracking, Patch
Changed Reference Type 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch, Vendor Advisory


 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch
Changed Reference Type 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch, Vendor Advisory


 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch
Changed Reference Type 
https://github.com/nghttp2/nghttp2/pull/1961 Patch, Vendor Advisory


 
https://github.com/nghttp2/nghttp2/pull/1961 Issue Tracking, Patch
Changed Reference Type 
https://github.com/nghttp2/nghttp2/pull/1961 Patch, Vendor Advisory


 
https://github.com/nghttp2/nghttp2/pull/1961 Issue Tracking, Patch
Changed Reference Type 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes, Third Party Advisory


 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes
Changed Reference Type 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes, Third Party Advisory


 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes
Changed Reference Type 
https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory


 
https://github.com/ninenines/cowboy/issues/1615 Issue Tracking
Changed Reference Type 
https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory


 
https://github.com/ninenines/cowboy/issues/1615 Issue Tracking
Changed Reference Type 
https://github.com/nodejs/node/pull/50121 Vendor Advisory


 
https://github.com/nodejs/node/pull/50121 Issue Tracking
Changed Reference Type 
https://github.com/nodejs/node/pull/50121 Vendor Advisory


 
https://github.com/nodejs/node/pull/50121 Issue Tracking
Changed Reference Type 
https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory


 
https://github.com/openresty/openresty/issues/930 Issue Tracking
Changed Reference Type 
https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory


 
https://github.com/openresty/openresty/issues/930 Issue Tracking
Changed Reference Type 
https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch, Vendor Advisory


 
https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch
Changed Reference Type 
https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch, Vendor Advisory


 
https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch
Changed Reference Type 
https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking, Vendor Advisory


 
https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking
Changed Reference Type 
https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking, Vendor Advisory


 
https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking
Changed Reference Type 
https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch, Vendor Advisory


 
https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch
Changed Reference Type 
https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch, Vendor Advisory


 
https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch
Changed Reference Type 
https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory


 
https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking
Changed Reference Type 
https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory


 
https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking
Changed Reference Type 
https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory


 
https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking
Changed Reference Type 
https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory


 
https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking
Changed Reference Type 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List, Vendor Advisory


 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List
Changed Reference Type 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List, Vendor Advisory


 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List, Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List, Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List
Changed Reference Type 
https://news.ycombinator.com/item?id=37830987 Issue Tracking, Third Party Advisory


 
https://news.ycombinator.com/item?id=37830987 Issue Tracking
Changed Reference Type 
https://news.ycombinator.com/item?id=37830987 Issue Tracking, Third Party Advisory


 
https://news.ycombinator.com/item?id=37830987 Issue Tracking
Changed Reference Type 
https://news.ycombinator.com/item?id=37831062 Issue Tracking, Third Party Advisory


 
https://news.ycombinator.com/item?id=37831062 Issue Tracking
Changed Reference Type 
https://news.ycombinator.com/item?id=37831062 Issue Tracking, Third Party Advisory


 
https://news.ycombinator.com/item?id=37831062 Issue Tracking
Changed Reference Type 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes, Vendor Advisory


 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes
Changed Reference Type 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes, Vendor Advisory


 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes
Changed Reference Type 
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause No Types Assigned


 
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause Third Party Advisory

CVE Modified by CVE 11/21/2024 3:25:58 AM

Action Type Old Value New Value
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/13/4
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/13/9
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/18/4
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/18/8
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/19/6
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/20/8
Added Reference 
https://access.redhat.com/security/cve/cve-2023-44487
Added Reference 
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
Added Reference 
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
Added Reference 
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
Added Reference 
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
Added Reference 
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
Added Reference 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
Added Reference 
https://blog.vespa.ai/cve-2023-44487/
Added Reference 
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
Added Reference 
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
Added Reference 
https://bugzilla.suse.com/show_bug.cgi?id=1216123
Added Reference 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
Added Reference 
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
Added Reference 
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
Added Reference 
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
Added Reference 
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
Added Reference 
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
Added Reference 
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
Added Reference 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
Added Reference 
https://github.com/Azure/AKS/issues/3947
Added Reference 
https://github.com/Kong/kong/discussions/11741
Added Reference 
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
Added Reference 
https://github.com/advisories/GHSA-vx74-f528-fxqg
Added Reference 
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
Added Reference 
https://github.com/akka/akka-http/issues/4323
Added Reference 
https://github.com/alibaba/tengine/issues/1872
Added Reference 
https://github.com/apache/apisix/issues/10320
Added Reference 
https://github.com/apache/httpd-site/pull/10
Added Reference 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
Added Reference 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
Added Reference 
https://github.com/apache/trafficserver/pull/10564
Added Reference 
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
Added Reference 
https://github.com/bcdannyboy/CVE-2023-44487
Added Reference 
https://github.com/caddyserver/caddy/issues/5877
Added Reference 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
Added Reference 
https://github.com/dotnet/announcements/issues/277
Added Reference 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
Added Reference 
https://github.com/eclipse/jetty.project/issues/10679
Added Reference 
https://github.com/envoyproxy/envoy/pull/30055
Added Reference 
https://github.com/etcd-io/etcd/issues/16740
Added Reference 
https://github.com/facebook/proxygen/pull/466
Added Reference 
https://github.com/golang/go/issues/63417
Added Reference 
https://github.com/grpc/grpc-go/pull/6703
Added Reference 
https://github.com/h2o/h2o/pull/3291
Added Reference 
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
Added Reference 
https://github.com/haproxy/haproxy/issues/2312
Added Reference 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
Added Reference 
https://github.com/junkurihara/rust-rpxy/issues/97
Added Reference 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
Added Reference 
https://github.com/kazu-yamamoto/http2/issues/93
Added Reference 
https://github.com/kubernetes/kubernetes/pull/121120
Added Reference 
https://github.com/line/armeria/pull/5232
Added Reference 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
Added Reference 
https://github.com/micrictor/http2-rst-stream
Added Reference 
https://github.com/microsoft/CBL-Mariner/pull/6381
Added Reference 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
Added Reference 
https://github.com/nghttp2/nghttp2/pull/1961
Added Reference 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
Added Reference 
https://github.com/ninenines/cowboy/issues/1615
Added Reference 
https://github.com/nodejs/node/pull/50121
Added Reference 
https://github.com/openresty/openresty/issues/930
Added Reference 
https://github.com/opensearch-project/data-prepper/issues/3474
Added Reference 
https://github.com/oqtane/oqtane.framework/discussions/3367
Added Reference 
https://github.com/projectcontour/contour/pull/5826
Added Reference 
https://github.com/tempesta-tech/tempesta/issues/1986
Added Reference 
https://github.com/varnishcache/varnish-cache/issues/3996
Added Reference 
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
Added Reference 
https://istio.io/latest/news/security/istio-security-2023-004/
Added Reference 
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
Added Reference 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
Added Reference 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
Added Reference 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
Added Reference 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
Added Reference 
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
Added Reference 
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
Added Reference 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
Added Reference 
https://my.f5.com/manage/s/article/K000137106
Added Reference 
https://netty.io/news/2023/10/10/4-1-100-Final.html
Added Reference 
https://news.ycombinator.com/item?id=37830987
Added Reference 
https://news.ycombinator.com/item?id=37830998
Added Reference 
https://news.ycombinator.com/item?id=37831062
Added Reference 
https://news.ycombinator.com/item?id=37837043
Added Reference 
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
Added Reference 
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
Added Reference 
https://security.gentoo.org/glsa/202311-09
Added Reference 
https://security.netapp.com/advisory/ntap-20231016-0001/
Added Reference 
https://security.netapp.com/advisory/ntap-20240426-0007/
Added Reference 
https://security.netapp.com/advisory/ntap-20240621-0006/
Added Reference 
https://security.netapp.com/advisory/ntap-20240621-0007/
Added Reference 
https://security.paloaltonetworks.com/CVE-2023-44487
Added Reference 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
Added Reference 
https://ubuntu.com/security/CVE-2023-44487
Added Reference 
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
Added Reference 
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
Added Reference 
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
Added Reference 
https://www.debian.org/security/2023/dsa-5521
Added Reference 
https://www.debian.org/security/2023/dsa-5522
Added Reference 
https://www.debian.org/security/2023/dsa-5540
Added Reference 
https://www.debian.org/security/2023/dsa-5549
Added Reference 
https://www.debian.org/security/2023/dsa-5558
Added Reference 
https://www.debian.org/security/2023/dsa-5570
Added Reference 
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
Added Reference 
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
Added Reference 
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
Added Reference 
https://www.openwall.com/lists/oss-security/2023/10/10/6
Added Reference 
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
Added Reference 
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
Added Reference 
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause

Modified Analysis by NIST 8/14/2024 3:57:19 PM

Action Type Old Value New Value
Added CWE 
NIST NVD-CWE-noinfo
Removed CWE 
NIST CWE-400

CVE Modified by CISA-ADP 8/01/2024 9:44:53 AM

Action Type Old Value New Value
Added CVSS V3.1 
CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE 
CISA-ADP CWE-400

Modified Analysis by NIST 6/27/2024 2:34:22 PM

Action Type Old Value New Value
Changed CPE Configuration 
OR
 *cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*


 
OR
 *cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*
 *cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Changed Reference Type 
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Vendor Advisory


 
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Third Party Advisory
Changed Reference Type 
https://security.netapp.com/advisory/ntap-20240426-0007/ No Types Assigned


 
https://security.netapp.com/advisory/ntap-20240426-0007/ Third Party Advisory
Changed Reference Type 
https://security.netapp.com/advisory/ntap-20240621-0006/ No Types Assigned


 
https://security.netapp.com/advisory/ntap-20240621-0006/ Third Party Advisory
Changed Reference Type 
https://security.netapp.com/advisory/ntap-20240621-0007/ No Types Assigned


 
https://security.netapp.com/advisory/ntap-20240621-0007/ Third Party Advisory

CVE Modified by MITRE 6/21/2024 3:15:28 PM

Action Type Old Value New Value
Added Reference 
MITRE https://security.netapp.com/advisory/ntap-20240621-0006/ [No types assigned]
Added Reference 
MITRE https://security.netapp.com/advisory/ntap-20240621-0007/ [No types assigned]

CVE Modified by MITRE 5/14/2024 9:51:03 AM

Action Type Old Value New Value

CVE Modified by MITRE 4/26/2024 5:15:07 AM

Action Type Old Value New Value
Added Reference 
MITRE https://security.netapp.com/advisory/ntap-20240426-0007/ [No types assigned]

Reanalysis by NIST 2/02/2024 10:40:23 AM

Action Type Old Value New Value
Added CPE Configuration Record truncated, showing 2048 of 3276 characters.
View Entire Change Record
AND
 OR
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2\(7\)
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3\(1\) up to (excluding) 10.3\(5\)
 OR
 cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132q-x\/3132q-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172pq\/pq-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_3232:-:*:*
Added CPE Configuration Record truncated, showing 2048 of 6038 characters.
View Entire Change Record
AND
 OR
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions up to (excluding) 10.2\(7\)
 *cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:* versions from (including) 10.3\(1\) up to (excluding) 10.3\(5\)
 OR
 cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*
 cpe:2.3:h:c
Added CPE Configuration 
AND
 OR
 *cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 15.1.0
 OR
 cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*
Added CPE Configuration Record truncated, showing 2048 of 2581 characters.
View Entire Change Record
OR
 *cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:* versions up to (excluding) 11.1
 *cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.3
 *cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.0
 *cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3
 *cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* versions up to (excluding) 7.4.2
 *cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:* versions up to (excluding) 4.11.0
 *cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 9.3.3
 *cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:* versions up to (excluding) 7.2.1
 *cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* versions up to (excluding) 3.10.4
 *cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:* versions up to (excluding) 11.2
 *cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:* versions up to (excluding) 2.2.0
 *cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:* versions up to (excluding) 2.19.2
 *cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:* versions up to (excluding) x14.3.3
 *cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:* versions up to (excluding) 2024.01.0
 *cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:* versions up to (excluding) 2024.02.0
 *cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:* versions up to (excluding) 2024.02.0
 *cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*
 *cpe:2.3:a:cisco:unified_contact_center_domain_manager:

Modified Analysis by NIST 12/20/2023 12:55:36 PM

Action Type Old Value New Value
Added CPE Configuration 
OR
 *cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:* versions up to (excluding) 1.21.4.3
Changed Reference Type 
https://www.debian.org/security/2023/dsa-5570 No Types Assigned


 
https://www.debian.org/security/2023/dsa-5570 Third Party Advisory

CVE Modified by MITRE 12/01/2023 8:15:08 PM

Action Type Old Value New Value
Added Reference 
MITRE https://www.debian.org/security/2023/dsa-5570 [No types assigned]

Modified Analysis by NIST 12/01/2023 9:22:19 AM

Action Type Old Value New Value
Changed CPE Configuration 
OR
 *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions up to (excluding) 1.56.3
 *cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*
 *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions from (including) 1.58.0 up to (excluding) 1.58.3


 
OR
 *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions up to (excluding) 1.56.3
 *cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*
 *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions from (including) 1.58.0 up to (excluding) 1.58.3
 *cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:* versions up to (including) 1.59.2
Changed Reference Type 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage


 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage, Third Party Advisory
Changed Reference Type 
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking


 
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking, Third Party Advisory
Changed Reference Type 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch


 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch, Vendor Advisory
Changed Reference Type 
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 No Types Assigned


 
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 Third Party Advisory
Changed Reference Type 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product


 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product, Third Party Advisory
Changed Reference Type 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product


 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product, Third Party Advisory
Changed Reference Type 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes


 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes, Third Party Advisory
Changed Reference Type 
https://github.com/h2o/h2o/pull/3291 Patch


 
https://github.com/h2o/h2o/pull/3291 Patch, Third Party Advisory
Changed Reference Type 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch


 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch, Third Party Advisory
Changed Reference Type 
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking


 
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking, Third Party Advisory
Changed Reference Type 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes


 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes, Third Party Advisory
Changed Reference Type 
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Vendor Advisory


 
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Mailing List, Vendor Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html No Types Assigned


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html Third Party Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html No Types Assigned


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html Third Party Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html No Types Assigned


 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html No Types Assigned


 
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List


 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List, Third Party Advisory
Changed Reference Type 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List, Patch


 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List, Patch, Third Party Advisory
Changed Reference Type 
https://security.gentoo.org/glsa/202311-09 No Types Assigned


 
https://security.gentoo.org/glsa/202311-09 Third Party Advisory
Changed Reference Type 
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage


 
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage, Third Party Advisory
Changed Reference Type 
https://www.debian.org/security/2023/dsa-5540 No Types Assigned


 
https://www.debian.org/security/2023/dsa-5540 Third Party Advisory
Changed Reference Type 
https://www.debian.org/security/2023/dsa-5549 No Types Assigned


 
https://www.debian.org/security/2023/dsa-5549 Third Party Advisory
Changed Reference Type 
https://www.debian.org/security/2023/dsa-5558 No Types Assigned


 
https://www.debian.org/security/2023/dsa-5558 Third Party Advisory
Changed Reference Type 
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage


 
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage, Third Party Advisory

CVE Modified by MITRE 11/25/2023 6:15:18 AM

Action Type Old Value New Value
Added Reference 
MITRE https://security.gentoo.org/glsa/202311-09 [No types assigned]

CVE Modified by MITRE 11/19/2023 5:15:30 PM

Action Type Old Value New Value
Added Reference 
MITRE https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html [No types assigned]

CVE Modified by MITRE 11/18/2023 4:15:07 PM

Action Type Old Value New Value
Added Reference 
MITRE https://www.debian.org/security/2023/dsa-5558 [No types assigned]

CVE Modified by MITRE 11/07/2023 12:15:12 AM

Action Type Old Value New Value
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ [No types assigned]

CVE Modified by MITRE 11/06/2023 11:21:36 PM

Action Type Old Value New Value
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ [No types assigned]
Added Reference 
MITRE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ [No types assigned]
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
Removed Reference 
MITRE https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/

CVE Modified by MITRE 11/05/2023 10:15:12 PM

Action Type Old Value New Value
Added Reference 
https://www.debian.org/security/2023/dsa-5549 [No Types Assigned]

CVE Modified by MITRE 11/05/2023 7:15:08 PM

Action Type Old Value New Value
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html [No Types Assigned]

CVE Modified by MITRE 11/03/2023 6:15:11 PM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ [No Types Assigned]
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ [No Types Assigned]
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ [No Types Assigned]
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ [No Types Assigned]
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ [No Types Assigned]

CVE Modified by MITRE 11/03/2023 5:15:16 PM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ [No Types Assigned]

CVE Modified by MITRE 11/03/2023 1:15:30 AM

Action Type Old Value New Value
Added Reference 
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 [No Types Assigned]

CVE Modified by MITRE 10/31/2023 12:15:09 PM

Action Type Old Value New Value
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html [No Types Assigned]

CVE Modified by MITRE 10/31/2023 3:15:10 AM

Action Type Old Value New Value
Added Reference 
https://www.debian.org/security/2023/dsa-5540 [No Types Assigned]

CVE Modified by MITRE 10/30/2023 6:15:10 PM

Action Type Old Value New Value
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html [No Types Assigned]

CVE Modified by MITRE 10/29/2023 12:15:10 AM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ [No Types Assigned]

CVE Modified by MITRE 10/28/2023 11:15:08 PM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ [No Types Assigned]

CVE Modified by MITRE 10/27/2023 11:15:08 PM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ [No Types Assigned]

CVE Modified by MITRE 10/26/2023 1:15:25 AM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ [No Types Assigned]

CVE Modified by MITRE 10/25/2023 11:15:10 PM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ [No Types Assigned]
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ [No Types Assigned]

CVE Modified by MITRE 10/25/2023 2:17:32 PM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ [No Types Assigned]
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ [No Types Assigned]
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ [No Types Assigned]
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ [No Types Assigned]

Reanalysis by NIST 10/25/2023 11:26:25 AM

Action Type Old Value New Value
Changed CPE Configuration 
OR
 *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions up to (excluding) 21.0.0


 
OR
 *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 18.0.0 up to (excluding) 18.18.2
 *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 20.0.0 up to (excluding) 20.8.1

Modified Analysis by NIST 10/24/2023 8:58:07 AM

Action Type Old Value New Value
Changed CPE Configuration 
OR
 *cpe:2.3:a:linkerd:linkerd:*:*:*:*:*:*:*:* versions from (including) 2.12.0 up to (including) 2.12.5
 *cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:*:*:*:*
 *cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:*:*:*:*
 *cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:*:*:*:*
 *cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:*:*:*:*


 
OR
 *cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:* versions from (including) 2.12.0 up to (including) 2.12.5
 *cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*
 *cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*
 *cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*
 *cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*
Changed CPE Configuration 
OR
 *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*


 
OR
 *cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
 *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Added CPE Configuration 
OR
 *cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* versions up to (excluding) 9.4.0
Added CPE Configuration 
OR
 *cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* versions up to (including) 2.414.2
 *cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:* versions up to (including) 2.427
Changed Reference Type 
http://www.openwall.com/lists/oss-security/2023/10/18/4 No Types Assigned


 
http://www.openwall.com/lists/oss-security/2023/10/18/4 Mailing List, Third Party Advisory
Changed Reference Type 
http://www.openwall.com/lists/oss-security/2023/10/18/8 No Types Assigned


 
http://www.openwall.com/lists/oss-security/2023/10/18/8 Mailing List, Third Party Advisory
Changed Reference Type 
http://www.openwall.com/lists/oss-security/2023/10/19/6 No Types Assigned


 
http://www.openwall.com/lists/oss-security/2023/10/19/6 Mailing List, Third Party Advisory
Changed Reference Type 
http://www.openwall.com/lists/oss-security/2023/10/20/8 No Types Assigned


 
http://www.openwall.com/lists/oss-security/2023/10/20/8 Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ Mailing List
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ Mailing List

CVE Modified by MITRE 10/20/2023 5:15:09 PM

Action Type Old Value New Value
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/20/8 [No Types Assigned]

CVE Modified by MITRE 10/19/2023 11:15:09 PM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ [No Types Assigned]
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ [No Types Assigned]

CVE Modified by MITRE 10/19/2023 11:15:09 AM

Action Type Old Value New Value
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/19/6 [No Types Assigned]

CVE Modified by MITRE 10/18/2023 11:15:08 PM

Action Type Old Value New Value
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/18/8 [No Types Assigned]

CVE Modified by MITRE 10/18/2023 5:15:09 PM

Action Type Old Value New Value
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/18/4 [No Types Assigned]

Reanalysis by NIST 10/18/2023 1:01:27 PM

Action Type Old Value New Value
Changed CPE Configuration 
OR
 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.9
 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.2.3


 
OR
 *cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* versions up to (excluding) 3.6.1
 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.9
 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.2.3
Changed CPE Configuration 
OR
 *cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.7


 
OR
 *cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.5
Changed CPE Configuration 
OR
 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23
 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12
 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23
 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.2.20
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.4 up to (excluding) 17.4.12
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.8
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (excluding) 17.7.5
 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.6351
 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.6351
 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.4974
 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.3570
 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.3570
 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.2538
 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.2428
 *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
 *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
 *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*


 
OR
 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23
 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12
 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23
 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12
 *cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-08
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.2.20
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.4 up to (excluding) 17.4.12
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.8
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (excluding) 17.7.5
 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.6351
 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.6351
 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.4974
 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.3570
 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.3570
 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.2538
 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.2428
 *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
 *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
 *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Added CPE Configuration 
AND
 OR
 *cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*
 OR
 cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Added CPE Configuration 
OR
 *cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:* versions up to (excluding) 10.5.3
Added CPE Configuration 
OR
 *cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.6
 *cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* versions from (including) 1.18.0 up to (excluding) 1.18.3
 *cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* versions from (including) 1.19.0 up to (excluding) 1.19.1
Added CPE Configuration 
OR
 *cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:* versions up to (excluding) 4.2.2
Added CPE Configuration 
OR
 *cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:* versions up to (excluding) 3.4.2
Added CPE Configuration 
OR
 *cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:* versions up to (excluding) 1.26.0
Added CPE Configuration 
OR
 *cpe:2.3:a:linkerd:linkerd:*:*:*:*:*:*:*:* versions from (including) 2.12.0 up to (including) 2.12.5
 *cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:*:*:*:*
 *cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:*:*:*:*
 *cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:*:*:*:*
 *cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:*:*:*:*
Added CPE Configuration 
OR
 *cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*
Added CPE Configuration 
OR
 *cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:* versions up to (excluding) 2023-10-11
Added CPE Configuration Record truncated, showing 2048 of 4191 characters.
View Entire Change Record
OR
 *cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*
 *cpe:2.3:a:redhat:migr
Added CPE Configuration 
OR
 *cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* versions up to (excluding) 2.10.5
 *cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*
 *cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*
 *cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*
Added CPE Configuration 
OR
 *cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-10
Added CPE Configuration 
OR
 *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
 *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
 *cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Added CPE Configuration 
OR
 *cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Changed Reference Type 
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Third Party Advisory


 
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Press/Media Coverage, Third Party Advisory
Changed Reference Type 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Vendor Advisory


 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Press/Media Coverage
Changed Reference Type 
https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking


 
https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Issue Tracking, Vendor Advisory


 
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Vendor Advisory
Changed Reference Type 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Vendor Advisory


 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Product
Changed Reference Type 
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Issue Tracking, Vendor Advisory


 
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Vendor Advisory
Changed Reference Type 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Issue Tracking, Vendor Advisory


 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Release Notes
Changed Reference Type 
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Vendor Advisory


 
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Patch, Vendor Advisory
Changed Reference Type 
https://github.com/kazu-yamamoto/http2/issues/93 Vendor Advisory


 
https://github.com/kazu-yamamoto/http2/issues/93 Issue Tracking
Changed Reference Type 
https://github.com/line/armeria/pull/5232 Issue Tracking, Vendor Advisory


 
https://github.com/line/armeria/pull/5232 Issue Tracking, Patch, Vendor Advisory
Changed Reference Type 
https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Vendor Advisory


 
https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Patch, Vendor Advisory
Changed Reference Type 
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Third Party Advisory


 
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Vendor Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Vendor Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Mailing List
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Third Party Advisory


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Third Party Advisory


 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Mailing List, Third Party Advisory
Changed Reference Type 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Third Party Advisory


 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Mailing List
Changed Reference Type 
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Vendor Advisory


 
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Third Party Advisory
Changed Reference Type 
https://news.ycombinator.com/item?id=37837043 Third Party Advisory


 
https://news.ycombinator.com/item?id=37837043 Issue Tracking

Modified Analysis by NIST 10/18/2023 11:20:46 AM

Action Type Old Value New Value
Added CPE Configuration 
OR
 *cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.0
Added CPE Configuration 
OR
 *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0 up to (including) 8.5.93
 *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (including) 9.0.80
 *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 10.1.0 up to (including) 10.1.13
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
 *cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
Added CPE Configuration 
OR
 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 8.0.0 up to (excluding) 8.1.9
 *cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.2.3
Added CPE Configuration 
OR
 *cpe:2.3:a:apple:swiftnio_http\/2:*:*:*:*:*:swift:*:* versions up to (excluding) 1.28.0
Added CPE Configuration 
OR
 *cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:* versions up to (excluding) 2.5.7
Added CPE Configuration 
OR
 *cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-10
Added CPE Configuration 
OR
 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions up to (excluding) 9.4.53
 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions from (including) 10.0.0 up to (excluding) 10.0.17
 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (excluding) 11.0.17
 *cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* versions from (including) 12.0.0 up to (excluding) 12.0.2
Added CPE Configuration 
OR
 *cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*
 *cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*
 *cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*
 *cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*
Added CPE Configuration Record truncated, showing 2048 of 10784 characters.
View Entire Change Record
OR
 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5
 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5
 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10
 *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4
 *cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*
 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5
 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5
 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10
 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4
 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*
 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5
 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5
 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 15.1.0 up to (including) 15.1.10
 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 16.1.0 up to (including) 16.1.4
 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*
 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 13.1.5
 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 14.1.0 up to (including) 14.1.5
 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (incl
Added CPE Configuration 
OR
 *cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:* versions up to (excluding) 2023.10.16.00
Added CPE Configuration 
OR
 *cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* versions up to (excluding) 1.20.10
 *cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* versions from (including) 1.21.0 up to (excluding) 1.21.3
 *cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:* versions up to (excluding) 0.17.0
 *cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:* versions up to (excluding) 0.17.0
Added CPE Configuration 
OR
 *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions up to (excluding) 1.56.3
 *cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*
 *cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* versions from (including) 1.58.0 up to (excluding) 1.58.3
Added CPE Configuration 
OR
 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23
 *cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12
 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.23
 *cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.12
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.2.20
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.4 up to (excluding) 17.4.12
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.8
 *cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (excluding) 17.7.5
 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.6351
 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.6351
 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.4974
 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.3570
 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.3570
 *cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22000.2538
 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.2428
 *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
 *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
 *cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Added CPE Configuration 
OR
 *cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:* versions up to (excluding) 2023-10-11
Added CPE Configuration 
OR
 *cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.100
Added CPE Configuration 
OR
 *cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:* versions up to (excluding) 1.57.0
Added CPE Configuration 
OR
 *cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions up to (excluding) 21.0.0
Changed Reference Type 
http://www.openwall.com/lists/oss-security/2023/10/13/9 No Types Assigned


 
http://www.openwall.com/lists/oss-security/2023/10/13/9 Mailing List, Third Party Advisory
Changed Reference Type 
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ No Types Assigned


 
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ Third Party Advisory
Changed Reference Type 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Patch


 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Mailing List, Patch
Changed Reference Type 
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Vendor Advisory


 
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Third Party Advisory
Changed Reference Type 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Vendor Advisory


 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Third Party Advisory
Changed Reference Type 
https://github.com/advisories/GHSA-vx74-f528-fxqg Vendor Advisory


 
https://github.com/advisories/GHSA-vx74-f528-fxqg Mitigation, Patch, Vendor Advisory
Changed Reference Type 
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Vendor Advisory


 
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Patch, Vendor Advisory
Changed Reference Type 
https://github.com/alibaba/tengine/issues/1872 Vendor Advisory


 
https://github.com/alibaba/tengine/issues/1872 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Vendor Advisory


 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Product
Changed Reference Type 
https://github.com/apache/trafficserver/pull/10564 Vendor Advisory


 
https://github.com/apache/trafficserver/pull/10564 Patch, Vendor Advisory
Changed Reference Type 
https://github.com/bcdannyboy/CVE-2023-44487 Vendor Advisory


 
https://github.com/bcdannyboy/CVE-2023-44487 Third Party Advisory
Changed Reference Type 
https://github.com/caddyserver/caddy/issues/5877 Vendor Advisory


 
https://github.com/caddyserver/caddy/issues/5877 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/dotnet/announcements/issues/277 Vendor Advisory


 
https://github.com/dotnet/announcements/issues/277 Mitigation, Vendor Advisory
Changed Reference Type 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Vendor Advisory


 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Product, Release Notes, Vendor Advisory
Changed Reference Type 
https://github.com/eclipse/jetty.project/issues/10679 Vendor Advisory


 
https://github.com/eclipse/jetty.project/issues/10679 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/envoyproxy/envoy/pull/30055 Vendor Advisory


 
https://github.com/envoyproxy/envoy/pull/30055 Patch, Vendor Advisory
Changed Reference Type 
https://github.com/facebook/proxygen/pull/466 Vendor Advisory


 
https://github.com/facebook/proxygen/pull/466 Patch, Vendor Advisory
Changed Reference Type 
https://github.com/golang/go/issues/63417 Vendor Advisory


 
https://github.com/golang/go/issues/63417 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/grpc/grpc-go/pull/6703 Vendor Advisory


 
https://github.com/grpc/grpc-go/pull/6703 Patch, Vendor Advisory
Changed Reference Type 
https://github.com/h2o/h2o/pull/3291 Vendor Advisory


 
https://github.com/h2o/h2o/pull/3291 Patch
Changed Reference Type 
https://github.com/haproxy/haproxy/issues/2312 Vendor Advisory


 
https://github.com/haproxy/haproxy/issues/2312 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Vendor Advisory


 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Product, Vendor Advisory
Changed Reference Type 
https://github.com/kubernetes/kubernetes/pull/121120 Vendor Advisory


 
https://github.com/kubernetes/kubernetes/pull/121120 Patch, Vendor Advisory
Changed Reference Type 
https://github.com/micrictor/http2-rst-stream Vendor Advisory


 
https://github.com/micrictor/http2-rst-stream Exploit, Third Party Advisory
Changed Reference Type 
https://github.com/microsoft/CBL-Mariner/pull/6381 Vendor Advisory


 
https://github.com/microsoft/CBL-Mariner/pull/6381 Patch, Vendor Advisory
Changed Reference Type 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Vendor Advisory


 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Patch, Vendor Advisory
Changed Reference Type 
https://github.com/nghttp2/nghttp2/pull/1961 Vendor Advisory


 
https://github.com/nghttp2/nghttp2/pull/1961 Patch, Vendor Advisory
Changed Reference Type 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Vendor Advisory


 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Release Notes
Changed Reference Type 
https://github.com/opensearch-project/data-prepper/issues/3474 Vendor Advisory


 
https://github.com/opensearch-project/data-prepper/issues/3474 Issue Tracking, Patch, Vendor Advisory
Changed Reference Type 
https://github.com/oqtane/oqtane.framework/discussions/3367 Vendor Advisory


 
https://github.com/oqtane/oqtane.framework/discussions/3367 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ No Types Assigned


 
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ Third Party Advisory
Changed Reference Type 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Vendor Advisory


 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Mailing List, Vendor Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html No Types Assigned


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html Third Party Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html No Types Assigned


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html Third Party Advisory
Changed Reference Type 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ No Types Assigned


 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ Third Party Advisory
Changed Reference Type 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html No Types Assigned


 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html Third Party Advisory
Changed Reference Type 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List


 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List, Patch
Changed Reference Type 
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Vendor Advisory


 
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Patch, Vendor Advisory
Changed Reference Type 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Patch, Vendor Advisory


 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Mitigation, Patch, Vendor Advisory
Changed Reference Type 
https://netty.io/news/2023/10/10/4-1-100-Final.html Vendor Advisory


 
https://netty.io/news/2023/10/10/4-1-100-Final.html Release Notes, Vendor Advisory
Changed Reference Type 
https://news.ycombinator.com/item?id=37830987 Third Party Advisory


 
https://news.ycombinator.com/item?id=37830987 Issue Tracking, Third Party Advisory
Changed Reference Type 
https://news.ycombinator.com/item?id=37830998 Press/Media Coverage


 
https://news.ycombinator.com/item?id=37830998 Issue Tracking, Press/Media Coverage
Changed Reference Type 
https://news.ycombinator.com/item?id=37831062 Third Party Advisory


 
https://news.ycombinator.com/item?id=37831062 Issue Tracking, Third Party Advisory
Changed Reference Type 
https://security.netapp.com/advisory/ntap-20231016-0001/ No Types Assigned


 
https://security.netapp.com/advisory/ntap-20231016-0001/ Third Party Advisory
Changed Reference Type 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Vendor Advisory


 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Release Notes, Vendor Advisory
Changed Reference Type 
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Vendor Advisory


 
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Mitigation, Vendor Advisory

CVE Modified by MITRE 10/16/2023 9:15:09 PM

Action Type Old Value New Value
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html [No Types Assigned]

CVE Modified by MITRE 10/16/2023 3:15:10 PM

Action Type Old Value New Value
Added Reference 
https://security.netapp.com/advisory/ntap-20231016-0001/ [No Types Assigned]

CVE Modified by MITRE 10/16/2023 2:15:16 PM

Action Type Old Value New Value
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html [No Types Assigned]

CVE Modified by MITRE 10/15/2023 3:15:09 PM

Action Type Old Value New Value
Added Reference 
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ [No Types Assigned]

CVE Modified by MITRE 10/15/2023 12:15:12 AM

Action Type Old Value New Value
Added Reference 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ [No Types Assigned]

CVE Modified by MITRE 10/13/2023 9:15:46 PM

Action Type Old Value New Value
Added Reference 
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ [No Types Assigned]
Added Reference 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html [No Types Assigned]

CVE Modified by MITRE 10/13/2023 5:15:51 PM

Action Type Old Value New Value
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/13/9 [No Types Assigned]

Initial Analysis by NIST 10/13/2023 3:32:37 PM

Action Type Old Value New Value
Added CVSS V3.1 
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE 
NIST CWE-400
Added CPE Configuration 
OR
 *cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*
Changed Reference Type 
http://www.openwall.com/lists/oss-security/2023/10/13/4 No Types Assigned


 
http://www.openwall.com/lists/oss-security/2023/10/13/4 Mailing List, Third Party Advisory
Changed Reference Type 
https://access.redhat.com/security/cve/cve-2023-44487 No Types Assigned


 
https://access.redhat.com/security/cve/cve-2023-44487 Vendor Advisory
Changed Reference Type 
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ No Types Assigned


 
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ Vendor Advisory
Changed Reference Type 
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ No Types Assigned


 
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ Technical Description, Vendor Advisory
Changed Reference Type 
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ No Types Assigned


 
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ Vendor Advisory
Changed Reference Type 
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ No Types Assigned


 
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ Vendor Advisory
Changed Reference Type 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack No Types Assigned


 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack Vendor Advisory
Changed Reference Type 
https://blog.vespa.ai/cve-2023-44487/ No Types Assigned


 
https://blog.vespa.ai/cve-2023-44487/ Vendor Advisory
Changed Reference Type 
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 No Types Assigned


 
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 Issue Tracking
Changed Reference Type 
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 No Types Assigned


 
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://bugzilla.suse.com/show_bug.cgi?id=1216123 No Types Assigned


 
https://bugzilla.suse.com/show_bug.cgi?id=1216123 Issue Tracking
Changed Reference Type 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 No Types Assigned


 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 Patch
Changed Reference Type 
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ No Types Assigned


 
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ Technical Description, Vendor Advisory
Changed Reference Type 
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack No Types Assigned


 
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack Technical Description, Vendor Advisory
Changed Reference Type 
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 No Types Assigned


 
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 Vendor Advisory
Changed Reference Type 
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve No Types Assigned


 
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve Technical Description, Vendor Advisory
Changed Reference Type 
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 No Types Assigned


 
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 Vendor Advisory
Changed Reference Type 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 No Types Assigned


 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 Vendor Advisory
Changed Reference Type 
https://github.com/Azure/AKS/issues/3947 No Types Assigned


 
https://github.com/Azure/AKS/issues/3947 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/Kong/kong/discussions/11741 No Types Assigned


 
https://github.com/Kong/kong/discussions/11741 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 No Types Assigned


 
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/advisories/GHSA-vx74-f528-fxqg No Types Assigned


 
https://github.com/advisories/GHSA-vx74-f528-fxqg Vendor Advisory
Changed Reference Type 
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p No Types Assigned


 
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p Vendor Advisory
Changed Reference Type 
https://github.com/akka/akka-http/issues/4323 No Types Assigned


 
https://github.com/akka/akka-http/issues/4323 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/alibaba/tengine/issues/1872 No Types Assigned


 
https://github.com/alibaba/tengine/issues/1872 Vendor Advisory
Changed Reference Type 
https://github.com/apache/apisix/issues/10320 No Types Assigned


 
https://github.com/apache/apisix/issues/10320 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/apache/httpd-site/pull/10 No Types Assigned


 
https://github.com/apache/httpd-site/pull/10 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 No Types Assigned


 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 Vendor Advisory
Changed Reference Type 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 No Types Assigned


 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 Vendor Advisory
Changed Reference Type 
https://github.com/apache/trafficserver/pull/10564 No Types Assigned


 
https://github.com/apache/trafficserver/pull/10564 Vendor Advisory
Changed Reference Type 
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 No Types Assigned


 
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/bcdannyboy/CVE-2023-44487 No Types Assigned


 
https://github.com/bcdannyboy/CVE-2023-44487 Vendor Advisory
Changed Reference Type 
https://github.com/caddyserver/caddy/issues/5877 No Types Assigned


 
https://github.com/caddyserver/caddy/issues/5877 Vendor Advisory
Changed Reference Type 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 No Types Assigned


 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/dotnet/announcements/issues/277 No Types Assigned


 
https://github.com/dotnet/announcements/issues/277 Vendor Advisory
Changed Reference Type 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 No Types Assigned


 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 Vendor Advisory
Changed Reference Type 
https://github.com/eclipse/jetty.project/issues/10679 No Types Assigned


 
https://github.com/eclipse/jetty.project/issues/10679 Vendor Advisory
Changed Reference Type 
https://github.com/envoyproxy/envoy/pull/30055 No Types Assigned


 
https://github.com/envoyproxy/envoy/pull/30055 Vendor Advisory
Changed Reference Type 
https://github.com/etcd-io/etcd/issues/16740 No Types Assigned


 
https://github.com/etcd-io/etcd/issues/16740 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/facebook/proxygen/pull/466 No Types Assigned


 
https://github.com/facebook/proxygen/pull/466 Vendor Advisory
Changed Reference Type 
https://github.com/golang/go/issues/63417 No Types Assigned


 
https://github.com/golang/go/issues/63417 Vendor Advisory
Changed Reference Type 
https://github.com/grpc/grpc-go/pull/6703 No Types Assigned


 
https://github.com/grpc/grpc-go/pull/6703 Vendor Advisory
Changed Reference Type 
https://github.com/h2o/h2o/pull/3291 No Types Assigned


 
https://github.com/h2o/h2o/pull/3291 Vendor Advisory
Changed Reference Type 
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf No Types Assigned


 
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf Vendor Advisory
Changed Reference Type 
https://github.com/haproxy/haproxy/issues/2312 No Types Assigned


 
https://github.com/haproxy/haproxy/issues/2312 Vendor Advisory
Changed Reference Type 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 No Types Assigned


 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 Vendor Advisory
Changed Reference Type 
https://github.com/junkurihara/rust-rpxy/issues/97 No Types Assigned


 
https://github.com/junkurihara/rust-rpxy/issues/97 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 No Types Assigned


 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 Patch
Changed Reference Type 
https://github.com/kazu-yamamoto/http2/issues/93 No Types Assigned


 
https://github.com/kazu-yamamoto/http2/issues/93 Vendor Advisory
Changed Reference Type 
https://github.com/kubernetes/kubernetes/pull/121120 No Types Assigned


 
https://github.com/kubernetes/kubernetes/pull/121120 Vendor Advisory
Changed Reference Type 
https://github.com/line/armeria/pull/5232 No Types Assigned


 
https://github.com/line/armeria/pull/5232 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 No Types Assigned


 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 Vendor Advisory
Changed Reference Type 
https://github.com/micrictor/http2-rst-stream No Types Assigned


 
https://github.com/micrictor/http2-rst-stream Vendor Advisory
Changed Reference Type 
https://github.com/microsoft/CBL-Mariner/pull/6381 No Types Assigned


 
https://github.com/microsoft/CBL-Mariner/pull/6381 Vendor Advisory
Changed Reference Type 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 No Types Assigned


 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 Vendor Advisory
Changed Reference Type 
https://github.com/nghttp2/nghttp2/pull/1961 No Types Assigned


 
https://github.com/nghttp2/nghttp2/pull/1961 Vendor Advisory
Changed Reference Type 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 No Types Assigned


 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 Vendor Advisory
Changed Reference Type 
https://github.com/ninenines/cowboy/issues/1615 No Types Assigned


 
https://github.com/ninenines/cowboy/issues/1615 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/nodejs/node/pull/50121 No Types Assigned


 
https://github.com/nodejs/node/pull/50121 Vendor Advisory
Changed Reference Type 
https://github.com/openresty/openresty/issues/930 No Types Assigned


 
https://github.com/openresty/openresty/issues/930 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/opensearch-project/data-prepper/issues/3474 No Types Assigned


 
https://github.com/opensearch-project/data-prepper/issues/3474 Vendor Advisory
Changed Reference Type 
https://github.com/oqtane/oqtane.framework/discussions/3367 No Types Assigned


 
https://github.com/oqtane/oqtane.framework/discussions/3367 Vendor Advisory
Changed Reference Type 
https://github.com/projectcontour/contour/pull/5826 No Types Assigned


 
https://github.com/projectcontour/contour/pull/5826 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/tempesta-tech/tempesta/issues/1986 No Types Assigned


 
https://github.com/tempesta-tech/tempesta/issues/1986 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://github.com/varnishcache/varnish-cache/issues/3996 No Types Assigned


 
https://github.com/varnishcache/varnish-cache/issues/3996 Issue Tracking, Vendor Advisory
Changed Reference Type 
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo No Types Assigned


 
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo Vendor Advisory
Changed Reference Type 
https://istio.io/latest/news/security/istio-security-2023-004/ No Types Assigned


 
https://istio.io/latest/news/security/istio-security-2023-004/ Vendor Advisory
Changed Reference Type 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q No Types Assigned


 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Vendor Advisory
Changed Reference Type 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html No Types Assigned


 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html Vendor Advisory
Changed Reference Type 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html No Types Assigned


 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Mailing List
Changed Reference Type 
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html No Types Assigned


 
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html Vendor Advisory
Changed Reference Type 
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ No Types Assigned


 
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ Vendor Advisory
Changed Reference Type 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 No Types Assigned


 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 Patch, Vendor Advisory
Changed Reference Type 
https://my.f5.com/manage/s/article/K000137106 No Types Assigned


 
https://my.f5.com/manage/s/article/K000137106 Vendor Advisory
Changed Reference Type 
https://netty.io/news/2023/10/10/4-1-100-Final.html No Types Assigned


 
https://netty.io/news/2023/10/10/4-1-100-Final.html Vendor Advisory
Changed Reference Type 
https://news.ycombinator.com/item?id=37830987 No Types Assigned


 
https://news.ycombinator.com/item?id=37830987 Third Party Advisory
Changed Reference Type 
https://news.ycombinator.com/item?id=37830998 No Types Assigned


 
https://news.ycombinator.com/item?id=37830998 Press/Media Coverage
Changed Reference Type 
https://news.ycombinator.com/item?id=37831062 No Types Assigned


 
https://news.ycombinator.com/item?id=37831062 Third Party Advisory
Changed Reference Type 
https://news.ycombinator.com/item?id=37837043 No Types Assigned


 
https://news.ycombinator.com/item?id=37837043 Third Party Advisory
Changed Reference Type 
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ No Types Assigned


 
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ Third Party Advisory
Changed Reference Type 
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected No Types Assigned


 
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected Third Party Advisory
Changed Reference Type 
https://security.paloaltonetworks.com/CVE-2023-44487 No Types Assigned


 
https://security.paloaltonetworks.com/CVE-2023-44487 Vendor Advisory
Changed Reference Type 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 No Types Assigned


 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 Vendor Advisory
Changed Reference Type 
https://ubuntu.com/security/CVE-2023-44487 No Types Assigned


 
https://ubuntu.com/security/CVE-2023-44487 Vendor Advisory
Changed Reference Type 
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ No Types Assigned


 
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ Third Party Advisory
Changed Reference Type 
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 No Types Assigned


 
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 Third Party Advisory, US Government Resource
Changed Reference Type 
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event No Types Assigned


 
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event Press/Media Coverage
Changed Reference Type 
https://www.debian.org/security/2023/dsa-5521 No Types Assigned


 
https://www.debian.org/security/2023/dsa-5521 Vendor Advisory
Changed Reference Type 
https://www.debian.org/security/2023/dsa-5522 No Types Assigned


 
https://www.debian.org/security/2023/dsa-5522 Vendor Advisory
Changed Reference Type 
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 No Types Assigned


 
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 Vendor Advisory
Changed Reference Type 
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ No Types Assigned


 
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ Vendor Advisory
Changed Reference Type 
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ No Types Assigned


 
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ Vendor Advisory
Changed Reference Type 
https://www.openwall.com/lists/oss-security/2023/10/10/6 No Types Assigned


 
https://www.openwall.com/lists/oss-security/2023/10/10/6 Mailing List, Third Party Advisory
Changed Reference Type 
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack No Types Assigned


 
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack Press/Media Coverage
Changed Reference Type 
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ No Types Assigned


 
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ Press/Media Coverage

CVE Modified by MITRE 10/13/2023 2:15:09 PM

Action Type Old Value New Value
Added Reference 
http://www.openwall.com/lists/oss-security/2023/10/13/4 [No Types Assigned]

CVE Modified by MITRE 10/13/2023 12:15:12 PM

Action Type Old Value New Value
Added Reference 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html [No Types Assigned]

CVE Modified by MITRE 10/12/2023 8:15:13 PM

Action Type Old Value New Value
Added Reference 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 [No Types Assigned]

CVE Modified by MITRE 10/12/2023 2:15:11 PM

Action Type Old Value New Value
Added Reference 
https://github.com/Azure/AKS/issues/3947 [No Types Assigned]
Added Reference 
https://github.com/Kong/kong/discussions/11741 [No Types Assigned]
Added Reference 
https://github.com/akka/akka-http/issues/4323 [No Types Assigned]
Added Reference 
https://github.com/apache/apisix/issues/10320 [No Types Assigned]
Added Reference 
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 [No Types Assigned]
Added Reference 
https://github.com/openresty/openresty/issues/930 [No Types Assigned]
Added Reference 
https://security.paloaltonetworks.com/CVE-2023-44487 [No Types Assigned]
Added Reference 
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ [No Types Assigned]

CVE Modified by MITRE 10/11/2023 6:15:10 PM

Action Type Old Value New Value
Added Reference 
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ [No Types Assigned]

CVE Modified by MITRE 10/11/2023 5:15:10 PM

Action Type Old Value New Value
Added Reference 
https://github.com/apache/httpd-site/pull/10 [No Types Assigned]
Added Reference 
https://github.com/line/armeria/pull/5232 [No Types Assigned]
Added Reference 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 [No Types Assigned]
Added Reference 
https://github.com/projectcontour/contour/pull/5826 [No Types Assigned]

CVE Modified by MITRE 10/11/2023 4:15:10 PM

Action Type Old Value New Value
Added Reference 
https://access.redhat.com/security/cve/cve-2023-44487 [No Types Assigned]
Added Reference 
https://blog.vespa.ai/cve-2023-44487/ [No Types Assigned]
Added Reference 
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 [No Types Assigned]
Added Reference 
https://bugzilla.suse.com/show_bug.cgi?id=1216123 [No Types Assigned]
Added Reference 
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 [No Types Assigned]
Added Reference 
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 [No Types Assigned]
Added Reference 
https://github.com/etcd-io/etcd/issues/16740 [No Types Assigned]
Added Reference 
https://github.com/junkurihara/rust-rpxy/issues/97 [No Types Assigned]
Added Reference 
https://github.com/ninenines/cowboy/issues/1615 [No Types Assigned]
Added Reference 
https://github.com/tempesta-tech/tempesta/issues/1986 [No Types Assigned]
Added Reference 
https://github.com/varnishcache/varnish-cache/issues/3996 [No Types Assigned]
Added Reference 
https://istio.io/latest/news/security/istio-security-2023-004/ [No Types Assigned]
Added Reference 
https://ubuntu.com/security/CVE-2023-44487 [No Types Assigned]
Added Reference 
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event [No Types Assigned]

CVE Modified by MITRE 10/11/2023 3:15:11 AM

Action Type Old Value New Value
Added Reference 
https://www.debian.org/security/2023/dsa-5521 [No Types Assigned]
Added Reference 
https://www.debian.org/security/2023/dsa-5522 [No Types Assigned]

CVE Modified by MITRE 10/11/2023 1:15:45 AM

Action Type Old Value New Value
Added Reference 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 [No Types Assigned]
Added Reference 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 [No Types Assigned]
Added Reference 
https://github.com/kazu-yamamoto/http2/issues/93 [No Types Assigned]
Added Reference 
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html [No Types Assigned]

CVE Modified by MITRE 10/10/2023 9:15:08 PM

Action Type Old Value New Value
Added Reference 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack [No Types Assigned]
Added Reference 
https://news.ycombinator.com/item?id=37837043 [No Types Assigned]
Added Reference 
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 [No Types Assigned]
Added Reference 
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ [No Types Assigned]

CVE Modified by MITRE 10/10/2023 8:15:22 PM

Action Type Old Value New Value
Added Reference 
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p [No Types Assigned]
Added Reference 
https://github.com/kubernetes/kubernetes/pull/121120 [No Types Assigned]
Added Reference 
https://github.com/opensearch-project/data-prepper/issues/3474 [No Types Assigned]
Added Reference 
https://github.com/oqtane/oqtane.framework/discussions/3367 [No Types Assigned]
Added Reference 
https://netty.io/news/2023/10/10/4-1-100-Final.html [No Types Assigned]
Added Reference 
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 [No Types Assigned]

CVE Modified by MITRE 10/10/2023 6:15:11 PM

Action Type Old Value New Value
Added Reference 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 [No Types Assigned]

CVE Modified by MITRE 10/10/2023 5:15:09 PM

Action Type Old Value New Value
Added Reference 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q [No Types Assigned]
Added Reference 
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected [No Types Assigned]
Added Reference 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 [No Types Assigned]
Added Reference 
https://www.openwall.com/lists/oss-security/2023/10/10/6 [No Types Assigned]
Removed Reference 
https://github.com/hyperium/hyper/issues/3337 [No Types Assigned]

CVE Modified by MITRE 10/10/2023 3:15:09 PM

Action Type Old Value New Value
Added Reference 
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve [No Types Assigned]
Added Reference 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 [No Types Assigned]
Added Reference 
https://github.com/advisories/GHSA-vx74-f528-fxqg [No Types Assigned]
Added Reference 
https://github.com/apache/trafficserver/pull/10564 [No Types Assigned]
Added Reference 
https://github.com/dotnet/announcements/issues/277 [No Types Assigned]
Added Reference 
https://github.com/facebook/proxygen/pull/466 [No Types Assigned]
Added Reference 
https://github.com/golang/go/issues/63417 [No Types Assigned]
Added Reference 
https://github.com/h2o/h2o/pull/3291 [No Types Assigned]
Added Reference 
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf [No Types Assigned]
Added Reference 
https://github.com/micrictor/http2-rst-stream [No Types Assigned]
Added Reference 
https://github.com/microsoft/CBL-Mariner/pull/6381 [No Types Assigned]
Added Reference 
https://github.com/nodejs/node/pull/50121 [No Types Assigned]
Added Reference 
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo [No Types Assigned]
Added Reference 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 [No Types Assigned]
Added Reference 
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ [No Types Assigned]

CVE Modified by MITRE 10/10/2023 2:15:19 PM

Action Type Old Value New Value
Added Reference 
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 [No Types Assigned]
Added Reference 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 [No Types Assigned]
Added Reference 
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ [No Types Assigned]

CVE Modified by MITRE 10/10/2023 1:15:13 PM

Action Type Old Value New Value
Added Reference 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 [No Types Assigned]
Added Reference 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html [No Types Assigned]
Added Reference 
https://my.f5.com/manage/s/article/K000137106 [No Types Assigned]

CVE Modified by MITRE 10/10/2023 12:15:10 PM

Action Type Old Value New Value
Added Reference 
https://github.com/grpc/grpc-go/pull/6703 [No Types Assigned]
Added Reference 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 [No Types Assigned]
Removed Reference 
https://chaos.social/@icing/111210915918780532 [No Types Assigned]

CVE Modified by MITRE 10/10/2023 11:15:10 AM

Action Type Old Value New Value
Added Reference 
https://chaos.social/@icing/111210915918780532 [No Types Assigned]
Added Reference 
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 [No Types Assigned]
Added Reference 
https://github.com/alibaba/tengine/issues/1872 [No Types Assigned]
Added Reference 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 [No Types Assigned]
Added Reference 
https://github.com/bcdannyboy/CVE-2023-44487 [No Types Assigned]
Added Reference 
https://github.com/caddyserver/caddy/issues/5877 [No Types Assigned]
Added Reference 
https://github.com/eclipse/jetty.project/issues/10679 [No Types Assigned]
Added Reference 
https://github.com/envoyproxy/envoy/pull/30055 [No Types Assigned]
Added Reference 
https://github.com/haproxy/haproxy/issues/2312 [No Types Assigned]
Added Reference 
https://github.com/hyperium/hyper/issues/3337 [No Types Assigned]
Added Reference 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 [No Types Assigned]
Added Reference 
https://github.com/nghttp2/nghttp2/pull/1961 [No Types Assigned]
Added Reference 
https://news.ycombinator.com/item?id=37830987 [No Types Assigned]
Added Reference 
https://news.ycombinator.com/item?id=37830998 [No Types Assigned]
Added Reference 
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ [No Types Assigned]

Quick Info

CVE Dictionary Entry:
CVE-2023-44487
NVD Published Date:
10/10/2023
NVD Last Modified:
06/17/2026
Source:
MITRE