CVE-2023-44487

HIGH(7.5)KEV — Aktiv ausgenutzt

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Risk Signal Score77/100 — KRITISCH

CVSS 7.5 — Hoch
EPSS 94% — sehr wahrscheinlich ausgenutzt
Im CISA KEV-Katalog (aktiv ausgenutzt)

CISA KEV

Bestätigt ausgenutzt

EPSS-Score

94%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

7.5

Technische Schwere

Beschreibung

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Referenzen

http://www.openwall.com/lists/oss-security/2023/10/10/6
http://www.openwall.com/lists/oss-security/2023/10/10/7
http://www.openwall.com/lists/oss-security/2023/10/13/4
http://www.openwall.com/lists/oss-security/2023/10/13/9
http://www.openwall.com/lists/oss-security/2023/10/18/4
http://www.openwall.com/lists/oss-security/2023/10/18/8
http://www.openwall.com/lists/oss-security/2023/10/19/6
http://www.openwall.com/lists/oss-security/2023/10/20/8
https://access.redhat.com/security/cve/cve-2023-44487
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to...