Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2023-44487

Public on 2023-10-10
Modified on 2023-12-13
Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Severity
Important
See what this means
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2023 dotnet6.0 2023-10-16 13:45 ALAS2023-2023-389
Amazon Linux 2 - Ecs Extra ecs-service-connect-agent 2023-10-31 00:17 ALAS2ECS-2023-016
Amazon Linux 2023 ecs-service-connect-agent 2023-10-30 23:44 ALAS2023-2023-420
Amazon Linux 1 golang 2023-10-16 13:45 ALAS-2023-1871
Amazon Linux 2 - Core golang 2023-10-16 13:45 ALAS2-2023-2313
Amazon Linux 2023 golang 2023-10-16 13:45 ALAS2023-2023-394
Amazon Linux 2023 grpc 2024-01-03 23:20 ALAS2023-2024-474
Amazon Linux 1 nghttp2 2023-10-16 13:45 ALAS-2023-1869
Amazon Linux 2 - Core nghttp2 2023-10-16 13:45 ALAS2-2023-2312
Amazon Linux 2023 nghttp2 2023-10-16 13:45 ALAS2023-2023-392
Amazon Linux 1 nginx 2023-10-16 13:45 ALAS-2023-1870
Amazon Linux 2 - Nginx1 Extra nginx 2023-10-16 13:45 ALAS2NGINX1-2023-006
Amazon Linux 2023 nginx 2023-10-16 13:45 ALAS2023-2023-393
Amazon Linux 2023 nodejs 2023-10-16 13:45 ALAS2023-2023-391
Amazon Linux 2 - Tomcat8.5 Extra tomcat 2023-10-16 13:45 ALAS2TOMCAT8.5-2023-016
Amazon Linux 2 - Tomcat9 Extra tomcat 2023-10-16 13:45 ALAS2TOMCAT9-2023-010
Amazon Linux 1 tomcat8 2023-10-16 13:45 ALAS-2023-1868
Amazon Linux 2023 tomcat9 2023-10-16 13:45 ALAS2023-2023-390

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H