CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: High
EPSS
Percentile: 98.4%
nghttp2 is prone to a denial of service (DoS) vulnerability in
the HTTP/2 protocol.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:nghttp2:nghttp2";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.170601");
  script_version("2023-10-17T05:05:34+0000");
  script_tag(name:"last_modification", value:"2023-10-17 05:05:34 +0000 (Tue, 17 Oct 2023)");
  script_tag(name:"creation_date", value:"2023-10-12 14:32:29 +0000 (Thu, 12 Oct 2023)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-10-14 01:15:00 +0000 (Sat, 14 Oct 2023)");

  script_cve_id("CVE-2023-44487");

  # Version is read from a banner that may be hidden or backported, so the result is low-confidence.
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("nghttp2 < 1.57.0 HTTP/2 Protocol DoS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_nghttp2_detect.nasl");
  script_mandatory_keys("nghttp2/detected");

  script_tag(name:"summary", value:"nghttp2 is prone to a denial of service (DoS) vulnerability in
  the HTTP/2 protocol.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The HTTP/2 protocol allows a denial of service (server resource
  consumption) because request cancellation can reset many streams quickly, as exploited in the wild
  in August through October 2023.
  The flaw is also known as HTTP/2 Rapid Reset Attack.");

  script_tag(name:"impact", value:"This vulnerability allows a remote, unauthenticated attacker to
  cause an increase in CPU usage that can lead to a denial-of-service (DoS).");

  script_tag(name:"affected", value:"nghttp2 versions prior to 1.57.0.");

  script_tag(name:"solution", value:"Update to version 1.57.0 or later.");

  script_xref(name:"URL", value:"https://github.com/nghttp2/nghttp2/pull/1961");
  script_xref(name:"URL", value:"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0");
  script_xref(name:"URL", value:"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg");
  script_xref(name:"URL", value:"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack");
  script_xref(name:"URL", value:"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/");
  script_xref(name:"URL", value:"https://aws.amazon.com/blogs/security/how-aws-protects-customers-from-ddos-events/");
  script_xref(name:"URL", value:"https://www.openwall.com/lists/oss-security/2023/10/10/6");
  script_xref(name:"URL", value:"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

# Port on which the detection script (gb_nghttp2_detect.nasl) found nghttp2.
if (!port = get_app_port(cpe: CPE))
  exit(0);

# Exit if no version could be extracted for the detected installation.
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

# Report any installation older than the fixed release 1.57.0.
if (version_is_less(version: version, test_version: "1.57.0")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "1.57.0", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

# Exit code 99: host checked and not affected.
exit(99);