The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2023 | dotnet6.0 | 2023-10-16 13:45 | ALAS2023-2023-389 |
Amazon Linux 2 - Ecs Extra | ecs-service-connect-agent | 2023-10-31 00:17 | ALAS2ECS-2023-016 |
Amazon Linux 2023 | ecs-service-connect-agent | 2023-10-30 23:44 | ALAS2023-2023-420 |
Amazon Linux 1 | golang | 2023-10-16 13:45 | ALAS-2023-1871 |
Amazon Linux 2 - Core | golang | 2023-10-16 13:45 | ALAS2-2023-2313 |
Amazon Linux 2023 | golang | 2023-10-16 13:45 | ALAS2023-2023-394 |
Amazon Linux 2023 | grpc | 2024-01-03 23:20 | ALAS2023-2024-474 |
Amazon Linux 1 | nghttp2 | 2023-10-16 13:45 | ALAS-2023-1869 |
Amazon Linux 2 - Core | nghttp2 | 2023-10-16 13:45 | ALAS2-2023-2312 |
Amazon Linux 2023 | nghttp2 | 2023-10-16 13:45 | ALAS2023-2023-392 |
Amazon Linux 1 | nginx | 2023-10-16 13:45 | ALAS-2023-1870 |
Amazon Linux 2 - Nginx1 Extra | nginx | 2023-10-16 13:45 | ALAS2NGINX1-2023-006 |
Amazon Linux 2023 | nginx | 2023-10-16 13:45 | ALAS2023-2023-393 |
Amazon Linux 2023 | nodejs | 2023-10-16 13:45 | ALAS2023-2023-391 |
Amazon Linux 2 - Tomcat8.5 Extra | tomcat | 2023-10-16 13:45 | ALAS2TOMCAT8.5-2023-016 |
Amazon Linux 2 - Tomcat9 Extra | tomcat | 2023-10-16 13:45 | ALAS2TOMCAT9-2023-010 |
Amazon Linux 1 | tomcat8 | 2023-10-16 13:45 | ALAS-2023-1868 |
Amazon Linux 2023 | tomcat9 | 2023-10-16 13:45 | ALAS2023-2023-390 |
Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |