CVE-2023-44487

Updated: 2025-04-21 16:34:26.764585

Description:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
| --- | --- | --- |
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.5 |

Known exploits

| Added Date | Description | Due Date | Notes |
| --- | --- | --- | --- |
| 2023-10-10 | HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). | 2023-10-31 | This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 \| CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| AlmaLinux 9.2 ESU | mysql | 8.0.41 | 7.5 | HIGH | In Testing | | 2025-05-21 01:39:18 | |
| AlmaLinux 9.2 ESU | nginx | 1.20.1 | 7.5 | HIGH | Already Fixed | | 2025-03-20 03:51:24 | |
| AlmaLinux 9.2 ESU | golang | 1.19.13 | 7.5 | HIGH | In Progress | | 2025-05-22 01:48:56 | |
| AlmaLinux 9.2 ESU | grafana | 9.0.9 | 7.5 | HIGH | Needs Triage | | 2025-05-15 19:48:42 | |
| AlmaLinux 9.2 ESU | tomcat | 9.0.62 | 7.5 | HIGH | Already Fixed | | 2025-01-17 01:23:37 | |
| AlmaLinux 9.2 ESU | mysql | 8.0.32 | 7.5 | HIGH | Not Vulnerable | | 2025-05-03 04:06:35 | |
| AlmaLinux 9.2 ESU | httpd | 2.4.53 | 7.5 | HIGH | Not Vulnerable | | 2024-06-20 05:58:18 | |
| AlmaLinux 9.2 ESU | haproxy | 2.4.17 | 7.5 | HIGH | Not Vulnerable | | 2024-12-19 02:38:04 | |
| CentOS 6 ELS | mysql | 5.1.73 | 7.5 | HIGH | Not Vulnerable | | 2025-04-25 03:49:26 | |
| CentOS 6 ELS | httpd | 2.2.15 | 7.5 | HIGH | Not Vulnerable | | 2023-10-17 09:28:55 | |
Total: 55