CVE-2023-44487 (CNNVD-202310-667)

HIGH Exploit code available
Chinese title:
Apache HTTP/2 resource management error vulnerability
English title:
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell...
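CVSS score: 7.5
Published: 2023-10-10 00:00:00
Vulnerability type: Resource management error
Status: PUBLISHED
Data quality score: 0.30
Data version: v4
Vulnerability description
Chinese description: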

HTTP/2 is the second version of the Hypertext Transfer Protocol, used mainly to ensure communication between clients and servers. Apache HTTP/2 has a security vulnerability. An attacker can exploit this vulnerability to cause a denial of service on the system. The following products and versions are affected: .NET 6.0, ASP.NET Core 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6, Microsoft Visual Studio 2022 version 17.7, Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022 (Server Core installation), Windows 11 version 21H2 for x64-based Systems, Windows 11 version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems, Windows 10 Version 22H2 for ARM64-based Systems, Windows 10 Version 22H2 for 32-bit Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows Server 2016, Windows Server 2016 (Server Core installation), ASP.NET Core 7.0.

English description:

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CWE type:
CWE-400
Tags:
remote multiple Madhusudhan Rajappa
Affected products
Vendor Product Version Version range Platform CPE
ietf http 2.0 - - cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*
nghttp2 nghttp2 * - - cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*
netty netty * - - cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*
envoyproxy envoy 1.24.10 - - cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*
envoyproxy envoy 1.25.9 - - cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*
envoyproxy envoy 1.26.4 - - cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*
envoyproxy envoy 1.27.0 - - cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*
eclipse jetty * - - cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
caddyserver caddy * - - cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*
golang go * - - cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
golang http2 * - - cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*
golang networking * - - cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*
f5 big-ip_access_policy_manager * - - cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5 big-ip_access_policy_manager 17.1.0 - - cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_advanced_firewall_manager * - - cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5 big-ip_advanced_firewall_manager 17.1.0 - - cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_advanced_web_application_firewall * - - cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
f5 big-ip_advanced_web_application_firewall 17.1.0 - - cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*
f5 big-ip_analytics * - - cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5 big-ip_analytics 17.1.0 - - cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*
f5 big-ip_application_acceleration_manager * - - cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5 big-ip_application_acceleration_manager 17.1.0 - - cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_application_security_manager * - - cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5 big-ip_application_security_manager 17.1.0 - - cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_application_visibility_and_reporting * - - cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
f5 big-ip_application_visibility_and_reporting 17.1.0 - - cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*
f5 big-ip_carrier-grade_nat * - - cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
f5 big-ip_carrier-grade_nat 17.1.0 - - cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*
f5 big-ip_ddos_hybrid_defender * - - cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
f5 big-ip_ddos_hybrid_defender 17.1.0 - - cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*
f5 big-ip_domain_name_system * - - cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
f5 big-ip_domain_name_system 17.1.0 - - cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*
f5 big-ip_fraud_protection_service * - - cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
f5 big-ip_fraud_protection_service 17.1.0 - - cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*
f5 big-ip_global_traffic_manager * - - cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
f5 big-ip_global_traffic_manager 17.1.0 - - cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_link_controller * - - cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
f5 big-ip_link_controller 17.1.0 - - cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*
f5 big-ip_local_traffic_manager * - - cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
f5 big-ip_local_traffic_manager 17.1.0 - - cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_next 20.0.1 - - cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*
f5 big-ip_next_service_proxy_for_kubernetes * - - cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*
f5 big-ip_policy_enforcement_manager * - - cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
f5 big-ip_policy_enforcement_manager 17.1.0 - - cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*
f5 big-ip_ssl_orchestrator * - - cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
f5 big-ip_ssl_orchestrator 17.1.0 - - cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*
f5 big-ip_webaccelerator * - - cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
f5 big-ip_webaccelerator 17.1.0 - - cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*
f5 big-ip_websafe * - - cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
f5 big-ip_websafe 17.1.0 - - cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*
f5 nginx * - - cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
f5 nginx_ingress_controller * - - cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*
f5 nginx_plus * - - cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*
f5 nginx_plus r29 - - cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*
f5 nginx_plus r30 - - cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*
apache tomcat * - - cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
apache tomcat 11.0.0 - - cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*
apple swiftnio_http\/2 * - - cpe:2.3:a:apple:swiftnio_http\/2:*:*:*:*:*:swift:*:*
grpc grpc * - - cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*
grpc grpc 1.57.0 - - cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*
microsoft .net * - - cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
microsoft asp.net_core * - - cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
microsoft azure_kubernetes_service * - - cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*
microsoft visual_studio_2022 * - - cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
microsoft windows_10_1607 * - - cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
microsoft windows_10_1809 * - - cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
microsoft windows_10_21h2 * - - cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
microsoft windows_10_22h2 * - - cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
microsoft windows_11_21h2 * - - cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
microsoft windows_11_22h2 * - - cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
microsoft windows_server_2016 - - - cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
microsoft windows_server_2019 - - - cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
microsoft windows_server_2022 - - - cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
nodejs node.js * - - cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
microsoft cbl-mariner * - - cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*
dena h2o * - - cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*
facebook proxygen * - - cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*
apache apisix * - - cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
apache traffic_server * - - cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
amazon opensearch_data_prepper * - - cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*
debian debian_linux 10.0 - - cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debian debian_linux 11.0 - - cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
debian debian_linux 12.0 - - cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
kazu-yamamoto http2 * - - cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*
istio istio * - - cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
varnish_cache_project varnish_cache * - - cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*
traefik traefik * - - cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
traefik traefik 3.0.0 - - cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*
projectcontour contour * - - cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*
linkerd linkerd * - - cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*
linkerd linkerd 2.13.0 - - cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*
linkerd linkerd 2.13.1 - - cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*
linkerd linkerd 2.14.0 - - cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*
linkerd linkerd 2.14.1 - - cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*
linecorp armeria * - - cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*
redhat 3scale_api_management_platform 2.0 - - cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*
redhat advanced_cluster_management_for_kubernetes 2.0 - - cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*
redhat advanced_cluster_security 3.0 - - cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*
redhat advanced_cluster_security 4.0 - - cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*
redhat ansible_automation_platform 2.0 - - cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*
redhat build_of_optaplanner 8.0 - - cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*
redhat build_of_quarkus - - - cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
redhat ceph_storage 5.0 - - cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*
redhat cert-manager_operator_for_red_hat_openshift - - - cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*
redhat certification_for_red_hat_enterprise_linux 8.0 - - cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
redhat certification_for_red_hat_enterprise_linux 9.0 - - cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*
redhat cost_management - - - cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*
redhat cryostat 2.0 - - cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*
redhat decision_manager 7.0 - - cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
redhat fence_agents_remediation_operator - - - cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*
redhat integration_camel_for_spring_boot - - - cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*
redhat integration_camel_k - - - cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
redhat integration_service_registry - - - cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
redhat jboss_a-mq 7 - - cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
redhat jboss_a-mq_streams - - - cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*
redhat jboss_core_services - - - cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
redhat jboss_data_grid 7.0.0 - - cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
redhat jboss_enterprise_application_platform 6.0.0 - - cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
redhat jboss_enterprise_application_platform 7.0.0 - - cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
redhat jboss_fuse 6.0.0 - - cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
redhat jboss_fuse 7.0.0 - - cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
redhat logging_subsystem_for_red_hat_openshift - - - cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*
redhat machine_deletion_remediation_operator - - - cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*
redhat migration_toolkit_for_applications 6.0 - - cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*
redhat migration_toolkit_for_containers - - - cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*
redhat migration_toolkit_for_virtualization - - - cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*
redhat network_observability_operator - - - cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*
redhat node_healthcheck_operator - - - cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*
redhat node_maintenance_operator - - - cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*
redhat openshift - - - cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*
redhat openshift_api_for_data_protection - - - cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*
redhat openshift_container_platform 4.0 - - cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
redhat openshift_container_platform_assisted_installer - - - cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*
redhat openshift_data_science - - - cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*
redhat openshift_dev_spaces - - - cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*
redhat openshift_developer_tools_and_services - - - cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*
redhat openshift_distributed_tracing - - - cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*
redhat openshift_gitops - - - cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*
redhat openshift_pipelines - - - cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*
redhat openshift_sandboxed_containers - - - cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*
redhat openshift_secondary_scheduler_operator - - - cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*
redhat openshift_serverless - - - cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*
redhat openshift_service_mesh 2.0 - - cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*
redhat openshift_virtualization 4 - - cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*
redhat openstack_platform 16.1 - - cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
redhat openstack_platform 16.2 - - cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
redhat openstack_platform 17.1 - - cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*
redhat process_automation 7.0 - - cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
redhat quay 3.0.0 - - cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*
redhat run_once_duration_override_operator - - - cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*
redhat satellite 6.0 - - cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
redhat self_node_remediation_operator - - - cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*
redhat service_interconnect 1.0 - - cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*
redhat single_sign-on 7.0 - - cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
redhat support_for_spring_boot - - - cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*
redhat web_terminal - - - cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*
redhat enterprise_linux 6.0 - - cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhat enterprise_linux 8.0 - - cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhat enterprise_linux 9.0 - - cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
redhat service_telemetry_framework 1.5 - - cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*
fedoraproject fedora 37 - - cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
fedoraproject fedora 38 - - cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
netapp astra_control_center - - - cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*
netapp oncommand_insight - - - cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
akka http_server * - - cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*
konghq kong_gateway * - - cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*
jenkins jenkins * - - cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
apache solr * - - cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
openresty openresty * - - cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*
cisco business_process_automation * - - cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*
cisco connected_mobile_experiences * - - cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*
cisco crosswork_data_gateway * - - cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*
cisco crosswork_situation_manager - - - cpe:2.3:a:cisco:crosswork_situation_manager:-:*:*:*:*:*:*:*
cisco crosswork_zero_touch_provisioning * - - cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*
cisco data_center_network_manager - - - cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*
cisco enterprise_chat_and_email - - - cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*
cisco expressway * - - cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*
cisco firepower_threat_defense * - - cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
cisco iot_field_network_director * - - cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*
cisco prime_access_registrar * - - cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*
cisco prime_cable_provisioning * - - cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*
cisco prime_infrastructure * - - cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
cisco prime_network_registrar * - - cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*
cisco secure_dynamic_attributes_connector * - - cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*
cisco secure_malware_analytics * - - cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*
cisco telepresence_video_communication_server * - - cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*
cisco ultra_cloud_core_-_policy_control_function * - - cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*
cisco ultra_cloud_core_-_policy_control_function 2024.01.0 - - cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*
cisco ultra_cloud_core_-_serving_gateway_function * - - cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*
cisco ultra_cloud_core_-_session_management_function * - - cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*
cisco unified_attendant_console_advanced - - - cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*
cisco unified_contact_center_domain_manager - - - cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*
cisco unified_contact_center_enterprise - - - cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*
cisco unified_contact_center_enterprise_-_live_data_server * - - cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*
cisco unified_contact_center_management_portal - - - cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*
cisco fog_director * - - cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*
cisco ios_xe * - - cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cisco ios_xr * - - cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
cisco secure_web_appliance_firmware * - - cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*
cisco nx-os * - - cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
Solution
Chinese solution:
(No data available)
English solution:
(No data available)
Workaround:
(No data available)
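CVSS score details
3.1 (adp)
HIGH
7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Timestamps
Published:
2023-10-10 00:00:00
Modified:
2025-11-04 21:08:27
Created:
2025-11-11 15:38:37
Updated:
2025-11-11 17:02:42
Exploit information
Exploit code is available for this vulnerability!
Number of exploits: 1
Exploit source:
Unknown
Data source details
Data source Record ID Version Extraction time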
CVE cve_CVE-2023-44487 2025-11-11 15:22:07 2025-11-11 07:38:37
NVD nvd_CVE-2023-44487 2025-11-11 14:59:11 2025-11-11 07:46:42
CNNVD cnnvd_CNNVD-202310-667 2025-11-11 15:13:00 2025-11-11 07:58:17
EXPLOITDB exploitdb_EDB-52426 2025-11-11 15:05:28 2025-11-11 09:02:42
Version and language
Current version: v4
Primary language: EN
Supported languages:
EN ZH
Other identifiers:
:
:
Security advisories
No security advisory information available
Change history
v4 EXPLOITDB
2025-11-11 17:02:42
references_count: 168 → 171; tags_count: 0 → 3; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3 CNNVD
2025-11-11 15:58:17
vulnerability_type: not extracted → Resource management error; cnnvd_id: not extracted → CNNVD-202310-667; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:46:42
affected_products_count: 1 → 200; references_count: 144 → 168; data_sources: ['cve'] → ['cve', 'nvd']