Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-44487HistoryOct 10, 2023 - 2:15 p.m.
CVE-2023-44487
2023-10-1014:15:10
Alpine Linux Development Team
security.alpinelinux.org
28
http/2
denial of service
server resource
request cancellation
exploited
unix
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | dotnet6-build | < 6.0.123-r0 | UNKNOWN |
| Alpine | edge-community | noarch | dotnet6-build | < 6.0.124-r0 | UNKNOWN |
| Alpine | edge-community | noarch | dotnet6-runtime | < 6.0.23-r0 | UNKNOWN |
| Alpine | edge-community | noarch | dotnet6-runtime | < 6.0.24-r0 | UNKNOWN |
| Alpine | edge-community | noarch | go | < 1.21.3-r0 | UNKNOWN |
| Alpine | edge-community | noarch | grpc | < 1.59.3-r0 | UNKNOWN |
| Alpine | edge-community | noarch | jetty-runner | < 9.4.53.20231009-r0 | UNKNOWN |
| Alpine | edge-community | noarch | netdata | < 1.43.2-r1 | UNKNOWN |
| Alpine | edge-community | noarch | nodejs-current | < 0 | UNKNOWN |
| Alpine | edge-community | noarch | openjdk21 | < 21.0.2_p13-r0 | UNKNOWN |
Related
thn
thn
nessus
nessus
EulerOS 2.0 SP10 : nghttp2 (EulerOS-SA-2024-1068)
2024-01-16 00:00:00
EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2023-3254)
2024-01-16 00:00:00
osv
osv
Moderate: nginx:1.22 security update
2023-10-25 00:00:00
BIT-jenkins-2023-44487
2024-03-06 10:54:03
Important: nghttp2 security update
2023-11-07 00:00:00
redhat
redhat
(RHSA-2023:5764) Important: nodejs security update
2023-10-17 08:48:06
(RHSA-2023:6286) Important: Red Hat Data Grid 7.3.11 security update
2023-11-02 15:28:07
(RHSA-2023:5720) Moderate: rh-nginx120-nginx security update
2023-10-16 12:12:40
ubuntu
ubuntu
.NET vulnerability
2023-10-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-44487 affecting package nmi for versions less than 1.8.7-14
2024-06-28 09:08:25
CVE-2023-44487 affecting package packer for versions less than 1.8.1-14
2024-02-09 19:07:07
almalinux
almalinux
Important: nghttp2 security update
2023-11-07 00:00:00
Moderate: nginx security update
2023-10-16 00:00:00
Moderate: nginx:1.22 security update
2023-10-16 00:00:00
oraclelinux
oraclelinux
nginx:1.22 security update
2023-10-17 00:00:00
nginx security update
2023-10-17 00:00:00
varnish security update
2023-10-24 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: nghttp2-1.55.1-4.fc39
2023-11-03 18:57:04
[SECURITY] Fedora 39 Update: wangle-2023.10.16.00-1.fc39
2023-11-03 19:01:54
[SECURITY] Fedora 39 Update: fbthrift-2023.10.16.00-1.fc39
2023-11-03 19:01:53
cvelist
cvelist
CVE-2023-44487
2023-10-10 00:00:00
cloudlinux
cloudlinux
nginx: Fix of CVE-2023-44487
2023-10-23 22:50:51
ibm
ibm
Security Bulletin: Denial of Service vulnerability in WebSphere Liberty may affect IBM Business Automation Workflow (CVE-2023-44487)
2024-03-01 16:45:03
mscve
mscve
MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack
2023-10-10 07:00:00
slackware
slackware
[slackware-security] nghttp2
2023-10-11 06:45:34
talosblog
talosblog
What to know about the HTTP/2 Rapid Reset DDoS attacks
2023-10-11 23:06:40
hivepro
hivepro
HTTP/2 Zero-Day Exploited for the Most Explosive DDoS Attacks
2023-10-14 08:35:35
openvas
openvas
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1433)
2024-03-21 00:00:00
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2024-1405)
2024-03-21 00:00:00
Fedora: Security Advisory for fizz (FEDORA-2023-2a9214af5f)
2023-10-25 00:00:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Ietf Http
2023-11-24 18:26:36
rocky
rocky
varnish security update
2023-10-24 18:36:42
varnish security update
2023-10-24 18:35:47
nodejs security update
2023-10-24 18:36:46
amazon
amazon
Important: nghttp2
2023-10-16 13:45:00
redos
redos
ROS-20231107-01
2023-11-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-10-12 14:37:40
atlassian
atlassian
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.5 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%
Related for ALPINE:CVE-2023-44487