CVE-2023-44487

high KEV
Published 2023-11-07 · Modified 2023-11-27
CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H)
CVSS v2: (no value given)
VIR risk: 9.0

Description

Important: nodejs:20 security update

CISA KEV

Vendor: IETF
Product: HTTP/2
Due date: 2023-10-31

Predictions

Exploit likelihood: 99%
Patch ETA: (no value given)

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-7205.html
Vendor advisory: alma — https://bugzilla.redhat.com/2244414
Vendor advisory: alma — https://bugzilla.redhat.com/2244413
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:7205
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5849.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5738.html
Vendor advisory: alma — https://bugzilla.redhat.com/2228743
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5869.html
Vendor advisory: alma — https://bugzilla.redhat.com/2244418
Vendor advisory: alma — https://bugzilla.redhat.com/2244415
Vendor advisory: alma — https://bugzilla.redhat.com/2244104
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5869
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6077.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5867.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5863.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5863
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5721.html
Vendor advisory: alma — https://bugzilla.redhat.com/2243296
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5721
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6746.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5838.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5749.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5708.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5924.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5929.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-6120.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5765.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-5711.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5989.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5989
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5710.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5710
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5709.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5709
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-1444.html
Vendor advisory: alma — https://bugzilla.redhat.com/2264574
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:1444
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5928.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5928
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5712.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5712
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5713.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5713
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5850.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5850
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-5837.html
Vendor advisory: alma — https://bugzilla.redhat.com/2242803
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:5837
Vendor advisory: cisa-kev — This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5924
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5765
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5838
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5749
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5708
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5738
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:6120
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:6077
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:6746
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5849
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2023-44487.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5863
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5928
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5721
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5989
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5850
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:6818
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:7205
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2023-44487
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:1444
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:3121
Vendor advisory: cve@mitre.org — https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
Vendor advisory: cve@mitre.org — https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
Vendor advisory: cve@mitre.org — https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
Vendor advisory: cve@mitre.org — https://www.debian.org/security/2023/dsa-5522
Vendor advisory: cve@mitre.org — https://www.debian.org/security/2023/dsa-5521
Vendor advisory: cve@mitre.org — https://ubuntu.com/security/CVE-2023-44487
Vendor advisory: cve@mitre.org — https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
Vendor advisory: cve@mitre.org — https://security.paloaltonetworks.com/CVE-2023-44487
Vendor advisory: cve@mitre.org — https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
Vendor advisory: cve@mitre.org — https://netty.io/news/2023/10/10/4-1-100-Final.html
Vendor advisory: cve@mitre.org — https://my.f5.com/manage/s/article/K000137106
Vendor advisory: cve@mitre.org — https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
Vendor advisory: cve@mitre.org — https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
Vendor advisory: cve@mitre.org — https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
Vendor advisory: cve@mitre.org — https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
Vendor advisory: cve@mitre.org — https://istio.io/latest/news/security/istio-security-2023-004/
Vendor advisory: cve@mitre.org — https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
Vendor advisory: cve@mitre.org — https://github.com/projectcontour/contour/pull/5826
Vendor advisory: cve@mitre.org — https://github.com/opensearch-project/data-prepper/issues/3474
Vendor advisory: cve@mitre.org — https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
Vendor advisory: cve@mitre.org — https://github.com/nghttp2/nghttp2/pull/1961
Vendor advisory: cve@mitre.org — https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
Vendor advisory: cve@mitre.org — https://github.com/microsoft/CBL-Mariner/pull/6381
Vendor advisory: cve@mitre.org — https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
Vendor advisory: cve@mitre.org — https://github.com/line/armeria/pull/5232
Vendor advisory: cve@mitre.org — https://github.com/kubernetes/kubernetes/pull/121120
Vendor advisory: cve@mitre.org — https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
Vendor advisory: cve@mitre.org — https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
Vendor advisory: cve@mitre.org — https://github.com/h2o/h2o/pull/3291
Vendor advisory: cve@mitre.org — https://github.com/grpc/grpc-go/pull/6703
Vendor advisory: cve@mitre.org — https://github.com/facebook/proxygen/pull/466
Vendor advisory: cve@mitre.org — https://github.com/etcd-io/etcd/issues/16740
Vendor advisory: cve@mitre.org — https://github.com/envoyproxy/envoy/pull/30055
Vendor advisory: cve@mitre.org — https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
Vendor advisory: cve@mitre.org — https://github.com/dotnet/announcements/issues/277
Vendor advisory: cve@mitre.org — https://github.com/caddyserver/caddy/releases/tag/v2.7.5
Vendor advisory: cve@mitre.org — https://github.com/caddyserver/caddy/issues/5877
Vendor advisory: cve@mitre.org — https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
Vendor advisory: cve@mitre.org — https://github.com/apache/trafficserver/pull/10564
Vendor advisory: cve@mitre.org — https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
Vendor advisory: cve@mitre.org — https://github.com/advisories/GHSA-vx74-f528-fxqg
Vendor advisory: cve@mitre.org — https://github.com/advisories/GHSA-qppj-fm5r-hxr3
Vendor advisory: cve@mitre.org — https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
Vendor advisory: cve@mitre.org — https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
Vendor advisory: cve@mitre.org — https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
Vendor advisory: cve@mitre.org — https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
Vendor advisory: cve@mitre.org — https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
Vendor advisory: cve@mitre.org — https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
Vendor advisory: cve@mitre.org — https://bugzilla.suse.com/show_bug.cgi?id=1216123
Vendor advisory: cve@mitre.org — https://bugzilla.redhat.com/show_bug.cgi?id=2242803
Vendor advisory: cve@mitre.org — https://blog.vespa.ai/cve-2023-44487/
Vendor advisory: cve@mitre.org — https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
Vendor advisory: cve@mitre.org — https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
Vendor advisory: cve@mitre.org — https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
Vendor advisory: cve@mitre.org — https://access.redhat.com/security/cve/cve-2023-44487
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:2368
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6746
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6120
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:6077
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5929
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5924
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5867
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5849
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5838
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5765
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5749
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5738
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5711
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:5708
Vendor advisory: redhat — https://access.redhat.com/errata/RHEA-2023:6741
Vendor advisory: redhat — https://access.redhat.com/errata/RHEA-2023:6562
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5869
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2023:5837

Exploits

OS impact

OS | Version | Status | Fixed in
rockylinux rocky | 8 | fixed |
redhat rhel | 9 | fixed |
debian debian | forky | fixed | 1.8.2-2
debian debian | sid | fixed | 1.8.2-2
debian debian | trixie | fixed | 1.8.2-2
suse sles | | affected |
debian debian | bookworm | fixed | 1.8.13-1
debian debian | bullseye | fixed | 1.8.13-1
rockylinux rocky | 9 | fixed |
debian debian | 10.0 | affected |
debian debian | 11.0 | affected |
debian debian | 12.0 | affected |
fedora fedora | 37 | affected |
fedora fedora | 38 | affected |
windows windows | - | affected |
redhat rhel | 6.0 | affected |
redhat rhel | 8.0 | affected |
redhat rhel | 9.0 | affected |

Package impact

Ecosystem | Package | Vulnerable | Fixed
SwiftURL | github.com/apple/swift-nio-http2 | <1.28.0 | 1.28.0
golang Go | golang.org/x/net | <0.17.0 | 0.17.0
java Maven | org.apache.tomcat:tomcat-coyote | >=11.0.0-M1,<11.0.0-M12 | 11.0.0-M12
java Maven | org.apache.tomcat:tomcat-coyote | >=10.0.0,<10.1.14 | 10.1.14
java Maven | org.apache.tomcat:tomcat-coyote | >=9.0.0,<9.0.81 | 9.0.81
java Maven | org.apache.tomcat:tomcat-coyote | >=8.5.0,<8.5.94 | 8.5.94
java Maven | org.apache.tomcat.embed:tomcat-embed-core | >=11.0.0-M1,<11.0.0-M12 | 11.0.0-M12
java Maven | org.apache.tomcat.embed:tomcat-embed-core | >=10.0.0,<10.1.14 | 10.1.14
java Maven | org.apache.tomcat.embed:tomcat-embed-core | >=9.0.0,<9.0.81 | 9.0.81
java Maven | org.apache.tomcat.embed:tomcat-embed-core | >=8.5.0,<8.5.94 | 8.5.94
java Maven | org.eclipse.jetty.http2:http2-common | >=9.3.0,<9.4.53 | 9.4.53
java Maven | org.eclipse.jetty.http2:http2-common | >=10.0.0,<10.0.17 | 10.0.17
java Maven | org.eclipse.jetty.http2:http2-common | >=11.0.0,<11.0.17 | 11.0.17
java Maven | org.eclipse.jetty.http2:http2-server | >=9.3.0,<9.4.53 | 9.4.53
java Maven | org.eclipse.jetty.http2:http2-server | >=10.0.0,<10.0.17 | 10.0.17
java Maven | org.eclipse.jetty.http2:http2-server | >=11.0.0,<11.0.17 | 11.0.17
java Maven | org.eclipse.jetty.http2:jetty-http2-common | >=12.0.0,<12.0.2 | 12.0.2
java Maven | org.eclipse.jetty.http2:jetty-http2-server | >=12.0.0,<12.0.2 | 12.0.2
java Maven | com.typesafe.akka:akka-http-core | <10.5.3 | 10.5.3
java Maven | com.typesafe.akka:akka-http-core_2.13 | <10.5.3 | 10.5.3
java Maven | com.typesafe.akka:akka-http-core_2.12 | <10.5.3 | 10.5.3
java Maven | com.typesafe.akka:akka-http-core_2.11 | <=10.1.15 |
java MAVEN | org.apache.tomcat:tomcat-coyote | >= 8.5.0, < 8.5.94 | 8.5.94
java MAVEN | org.apache.tomcat:tomcat-coyote | >= 9.0.0, < 9.0.81 | 9.0.81
java MAVEN | org.apache.tomcat:tomcat-coyote | >= 10.0.0, < 10.1.14 | 10.1.14
java MAVEN | org.apache.tomcat:tomcat-coyote | >= 11.0.0-M1, < 11.0.0-M12 | 11.0.0-M12
java MAVEN | com.typesafe.akka:akka-http-core_2.11 | <= 10.1.15 |
java MAVEN | com.typesafe.akka:akka-http-core_2.12 | < 10.5.3 | 10.5.3
java MAVEN | com.typesafe.akka:akka-http-core_2.13 | < 10.5.3 | 10.5.3
java MAVEN | com.typesafe.akka:akka-http-core | < 10.5.3 | 10.5.3
java MAVEN | org.eclipse.jetty.http2:jetty-http2-server | >= 12.0.0, < 12.0.2 | 12.0.2
java MAVEN | org.eclipse.jetty.http2:jetty-http2-common | >= 12.0.0, < 12.0.2 | 12.0.2
java MAVEN | org.eclipse.jetty.http2:http2-server | >= 11.0.0, < 11.0.17 | 11.0.17
java MAVEN | org.eclipse.jetty.http2:http2-server | >= 10.0.0, < 10.0.17 | 10.0.17
java MAVEN | org.eclipse.jetty.http2:http2-server | >= 9.3.0, < 9.4.53 | 9.4.53
java MAVEN | org.eclipse.jetty.http2:http2-common | >= 11.0.0, < 11.0.17 | 11.0.17
java MAVEN | org.eclipse.jetty.http2:http2-common | >= 10.0.0, < 10.0.17 | 10.0.17
java MAVEN | org.eclipse.jetty.http2:http2-common | >= 9.3.0, < 9.4.53 | 9.4.53
SWIFT | github.com/apple/swift-nio-http2 | < 1.28.0 | 1.28.0
java MAVEN | org.apache.tomcat.embed:tomcat-embed-core | >= 8.5.0, < 8.5.94 | 8.5.94
java MAVEN | org.apache.tomcat.embed:tomcat-embed-core | >= 9.0.0, < 9.0.81 | 9.0.81
java MAVEN | org.apache.tomcat.embed:tomcat-embed-core | >= 10.0.0, < 10.1.14 | 10.1.14
java MAVEN | org.apache.tomcat.embed:tomcat-embed-core | >= 11.0.0-M1, < 11.0.0-M12 | 11.0.0-M12
golang GO | golang.org/x/net | < 0.17.0 | 0.17.0

Application impact

Vendor | Product | Versions | Fixed
siemens | sinec_ins | {"endExcluding":"1.0"} | 1.0
siemens | sinec_ins | 1.0 |
siemens | sinec_nms | {"endExcluding":"3.0"} | 3.0
siemens | st7_scadaconnect | {"endExcluding":"1.1"} | 1.1
ietf | http | 2.0 |
nghttp2 | nghttp2 | {"endExcluding":"1.57.0"} | 1.57.0
netty | netty | {"endExcluding":"4.1.100"} | 4.1.100
envoyproxy | envoy | 1.24.10 |
envoyproxy | envoy | 1.25.9 |
envoyproxy | envoy | 1.26.4 |
envoyproxy | envoy | 1.27.0 |
eclipse | jetty | {"endExcluding":"9.4.53"} | 9.4.53
caddyserver | caddy | {"endExcluding":"2.7.5"} | 2.7.5
golang | go | {"endExcluding":"1.20.10"} | 1.20.10
golang | http2 | {"endExcluding":"0.17.0"} | 0.17.0
golang | networking | {"endExcluding":"0.17.0"} | 0.17.0
f5 | big-ip_access_policy_manager | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_access_policy_manager | 17.1.0 |
f5 | big-ip_advanced_firewall_manager | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_advanced_firewall_manager | 17.1.0 |
f5 | big-ip_advanced_web_application_firewall | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_advanced_web_application_firewall | 17.1.0 |
f5 | big-ip_analytics | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_analytics | 17.1.0 |
f5 | big-ip_application_acceleration_manager | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_application_acceleration_manager | 17.1.0 |
f5 | big-ip_application_security_manager | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_application_security_manager | 17.1.0 |
f5 | big-ip_application_visibility_and_reporting | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_application_visibility_and_reporting | 17.1.0 |
f5 | big-ip_carrier-grade_nat | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_carrier-grade_nat | 17.1.0 |
f5 | big-ip_ddos_hybrid_defender | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_ddos_hybrid_defender | 17.1.0 |
f5 | big-ip_domain_name_system | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_domain_name_system | 17.1.0 |
f5 | big-ip_fraud_protection_service | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_fraud_protection_service | 17.1.0 |
f5 | big-ip_global_traffic_manager | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_global_traffic_manager | 17.1.0 |
f5 | big-ip_link_controller | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_link_controller | 17.1.0 |
f5 | big-ip_local_traffic_manager | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_local_traffic_manager | 17.1.0 |
f5 | big-ip_next | 20.0.1 |
f5 | big-ip_next_service_proxy_for_kubernetes | {"startIncluding":"1.5.0","endIncluding":"1.8.2"} |
f5 | big-ip_policy_enforcement_manager | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_policy_enforcement_manager | 17.1.0 |
f5 | big-ip_ssl_orchestrator | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_ssl_orchestrator | 17.1.0 |
f5 | big-ip_webaccelerator | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_webaccelerator | 17.1.0 |
f5 | big-ip_websafe | {"startIncluding":"13.1.0","endIncluding":"13.1.5"} |
f5 | big-ip_websafe | 17.1.0 |
f5 | nginx | {"startIncluding":"1.9.5","endIncluding":"1.25.2"} |
f5 | nginx_ingress_controller | {"startIncluding":"2.0.0","endIncluding":"2.4.2"} |
f5 | nginx_plus | {"startIncluding":"r25","endExcluding":"r29"} | r29
f5 | nginx_plus | r29 |
f5 | nginx_plus | r30 |
apache apache | tomcat | {"startIncluding":"8.5.0","endIncluding":"8.5.93"} |
apache apache | tomcat | 11.0.0 |
apple | swiftnio_http\/2 | {"endExcluding":"1.28.0"} | 1.28.0
grpc | grpc | {"endExcluding":"1.56.3"} | 1.56.3
grpc | grpc | 1.57.0 |
windows microsoft | .net | {"startIncluding":"6.0.0","endExcluding":"6.0.23"} | 6.0.23
windows microsoft | asp.net_core | {"startIncluding":"6.0.0","endExcluding":"6.0.23"} | 6.0.23
windows microsoft | azure_kubernetes_service | {"endExcluding":"2023-10-08"} | 2023-10-08
windows microsoft | visual_studio_2022 | {"startIncluding":"17.0","endExcluding":"17.2.20"} | 17.2.20
nodejs | node.js | {"startIncluding":"18.0.0","endExcluding":"18.18.2"} | 18.18.2
windows microsoft | cbl-mariner | {"endExcluding":"2023-10-11"} | 2023-10-11
dena | h2o | {"endExcluding":"2023-10-10"} | 2023-10-10
facebook | proxygen | {"endExcluding":"2023.10.16.00"} | 2023.10.16.00
apache apache | apisix | {"endExcluding":"3.6.1"} | 3.6.1
apache apache | traffic_server | {"startIncluding":"8.0.0","endExcluding":"8.1.9"} | 8.1.9
aws amazon | opensearch_data_prepper | {"endExcluding":"2.5.0"} | 2.5.0
kazu-yamamoto | http2 | {"endExcluding":"4.2.2"} | 4.2.2
istio | istio | {"endExcluding":"1.17.6"} | 1.17.6
varnish_cache_project | varnish_cache | {"endExcluding":"2023-10-10"} | 2023-10-10
traefik | traefik | {"endExcluding":"2.10.5"} | 2.10.5
traefik | traefik | 3.0.0 |
projectcontour | contour | {"endExcluding":"2023-10-11"} | 2023-10-11
linkerd | linkerd | {"startIncluding":"2.12.0","endIncluding":"2.12.5"} |
linkerd | linkerd | 2.13.0 |
linkerd | linkerd | 2.13.1 |
linkerd | linkerd | 2.14.0 |
linkerd | linkerd | 2.14.1 |
linecorp | armeria | {"endExcluding":"1.26.0"} | 1.26.0
redhat | 3scale_api_management_platform | 2.0 |
redhat | advanced_cluster_management_for_kubernetes | 2.0 |
redhat | advanced_cluster_security | 3.0 |
redhat | advanced_cluster_security | 4.0 |
redhat | ansible_automation_platform | 2.0 |
redhat | build_of_optaplanner | 8.0 |
redhat | build_of_quarkus | - |
redhat | ceph_storage | 5.0 |
redhat | cert-manager_operator_for_red_hat_openshift | - |
redhat | certification_for_red_hat_enterprise_linux | 8.0 |
redhat | certification_for_red_hat_enterprise_linux | 9.0 |
redhat | cost_management | - |
redhat | cryostat | 2.0 |
redhat | decision_manager | 7.0 |
redhat | fence_agents_remediation_operator | - |
redhat | integration_camel_for_spring_boot | - |
redhat | integration_camel_k | - |
redhat | integration_service_registry | - |
redhat | jboss_a-mq | 7 |
redhat | jboss_a-mq_streams | - |
redhat | jboss_core_services | - |
redhat | jboss_data_grid | 7.0.0 |
redhat | jboss_enterprise_application_platform | 6.0.0 |
redhat | jboss_enterprise_application_platform | 7.0.0 |
redhat | jboss_fuse | 6.0.0 |
redhat | jboss_fuse | 7.0.0 |
redhat | logging_subsystem_for_red_hat_openshift | - |
redhat | machine_deletion_remediation_operator | - |
redhat | migration_toolkit_for_applications | 6.0 |
redhat | migration_toolkit_for_containers | - |
redhat | migration_toolkit_for_virtualization | - |
redhat | network_observability_operator | - |
redhat | node_healthcheck_operator | - |
redhat | node_maintenance_operator | - |
redhat | openshift | - |
redhat | openshift_api_for_data_protection | - |
redhat | openshift_container_platform | 4.0 |
redhat | openshift_container_platform_assisted_installer | - |
redhat | openshift_data_science | - |
redhat | openshift_dev_spaces | - |
redhat | openshift_developer_tools_and_services | - |
redhat | openshift_distributed_tracing | - |
redhat | openshift_gitops | - |
redhat | openshift_pipelines | - |
redhat | openshift_sandboxed_containers | - |
redhat | openshift_secondary_scheduler_operator | - |
redhat | openshift_serverless | - |
redhat | openshift_service_mesh | 2.0 |
redhat | openshift_virtualization | 4 |
redhat | openstack_platform | 16.1 |
redhat | openstack_platform | 16.2 |
redhat | openstack_platform | 17.1 |
redhat | process_automation | 7.0 |
redhat | quay | 3.0.0 |
redhat | run_once_duration_override_operator | - |
redhat | satellite | 6.0 |
redhat | self_node_remediation_operator | - |
redhat | service_interconnect | 1.0 |
redhat | single_sign-on | 7.0 |
redhat | support_for_spring_boot | - |
redhat | web_terminal | - |
redhat | service_telemetry_framework | 1.5 |
netapp | astra_control_center | - |
netapp | oncommand_insight | - |
akka | http_server | {"endExcluding":"10.5.3"} | 10.5.3
konghq | kong_gateway | {"endExcluding":"3.4.2"} | 3.4.2
jenkins | jenkins | {"endIncluding":"2.414.2"} |
apache apache | solr | {"endExcluding":"9.4.0"} | 9.4.0
openresty | openresty | {"endExcluding":"1.21.4.3"} | 1.21.4.3
cisco | business_process_automation | {"endExcluding":"3.2.003.009"} | 3.2.003.009
cisco | connected_mobile_experiences | {"endExcluding":"11.1"} | 11.1
cisco | crosswork_data_gateway | {"endExcluding":"4.1.3"} | 4.1.3
cisco | crosswork_situation_manager | - |
cisco | crosswork_zero_touch_provisioning | {"endExcluding":"6.0.0"} | 6.0.0
cisco | data_center_network_manager | - |
cisco | enterprise_chat_and_email | - |
cisco | expressway | {"endExcluding":"x14.3.3"} | x14.3.3
cisco | firepower_threat_defense | {"endExcluding":"7.4.2"} | 7.4.2
cisco | iot_field_network_director | {"endExcluding":"4.11.0"} | 4.11.0
cisco | prime_access_registrar | {"endExcluding":"9.3.3"} | 9.3.3
cisco | prime_cable_provisioning | {"endExcluding":"7.2.1"} | 7.2.1
cisco | prime_infrastructure | {"endExcluding":"3.10.4"} | 3.10.4
cisco | prime_network_registrar | {"endExcluding":"11.2"} | 11.2
cisco | secure_dynamic_attributes_connector | {"endExcluding":"2.2.0"} | 2.2.0
cisco | secure_malware_analytics | {"endExcluding":"2.19.2"} | 2.19.2
cisco | telepresence_video_communication_server | {"endExcluding":"x14.3.3"} | x14.3.3
cisco | ultra_cloud_core_-_policy_control_function | {"endExcluding":"2024.01.0"} | 2024.01.0
cisco | ultra_cloud_core_-_policy_control_function | 2024.01.0 |
cisco | ultra_cloud_core_-_serving_gateway_function | {"endExcluding":"2024.02.0"} | 2024.02.0
cisco | ultra_cloud_core_-_session_management_function | {"endExcluding":"2024.02.0"} | 2024.02.0
cisco | unified_attendant_console_advanced | - |
cisco | unified_contact_center_domain_manager | - |
cisco | unified_contact_center_enterprise | - |
cisco | unified_contact_center_enterprise_-_live_data_server | {"endExcluding":"12.6.2"} | 12.6.2
cisco | unified_contact_center_management_portal | - |

References

CWEs

CWE-400
