Vulnerabilities > CVE-2023-44487

047910
CVSS 7.5 - HIGH

Summary

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Vulnerable Configurations

Part Description Count
Application
Ietf
1
Application
Nghttp2
118
Application
Netty
268
Application
Envoyproxy
4
Application
Eclipse
636
Application
Caddyserver
113
Application
Golang
310
Application
F5
1627
Application
Apache
526
Application
Apple
58
Application
Grpc
332
Application
Microsoft
904
Application
Nodejs
27
Application
Dena
71
Application
Facebook
354
Application
Amazon
24
Application
Kazu-Yamamoto
59
Application
Istio
316
Application
Varnish_Cache_Project
93
Application
Traefik
389
Application
Projectcontour
69
Application
Linkerd
11
Application
Linecorp
224
Application
Redhat
62
Application
Netapp
2
Application
Akka
49
Application
Konghq
61
Application
Jenkins
1103
Application
Openresty
175
Application
Cisco
526
OS
Microsoft
1095
OS
Debian
3
OS
Redhat
3
OS
Fedoraproject
2
OS
Cisco
2148
Hardware
Cisco
155

References