Vulnerability Database

289,571

Total vulnerabilities in the database

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
ietf / http 2.0 2.0.x
golang.org/x/net - 0.17.0
nghttp2 / nghttp2 - 1.57.0
netty / netty - 4.1.100
envoyproxy / envoy 1.27.0 1.27.0.x
envoyproxy / envoy 1.26.4 1.26.4.x
envoyproxy / envoy 1.25.9 1.25.9.x
envoyproxy / envoy 1.24.10 1.24.10.x
eclipse / jetty 12.0.0 12.0.2
eclipse / jetty 11.0.0 11.0.17
eclipse / jetty 10.0.0 10.0.17
eclipse / jetty - 9.4.53
caddyserver / caddy - 2.7.5
golang / http2 - 0.17.0
golang / go 1.21.0 1.21.3
golang / go - 1.20.10
golang / networking - 0.17.0
f5 / big-ip_analytics 13.1.0 13.1.5.x
f5 / big-ip_policy_enforcement_manager 13.1.0 13.1.5.x
f5 / big-ip_local_traffic_manager 13.1.0 13.1.5.x
f5 / big-ip_link_controller 13.1.0 13.1.5.x
f5 / big-ip_global_traffic_manager 13.1.0 13.1.5.x
f5 / big-ip_fraud_protection_service 13.1.0 13.1.5.x
f5 / big-ip_domain_name_system 13.1.0 13.1.5.x
f5 / big-ip_application_security_manager 13.1.0 13.1.5.x
f5 / big-ip_application_acceleration_manager 13.1.0 13.1.5.x
f5 / big-ip_advanced_firewall_manager 13.1.0 13.1.5.x
f5 / big-ip_access_policy_manager 13.1.0 13.1.5.x
f5 / big-ip_advanced_web_application_firewall 13.1.0 13.1.5.x
f5 / big-ip_application_visibility_and_reporting 13.1.0 13.1.5.x
f5 / big-ip_carrier-grade_nat 13.1.0 13.1.5.x
f5 / big-ip_ddos_hybrid_defender 13.1.0 13.1.5.x
f5 / big-ip_ssl_orchestrator 13.1.0 13.1.5.x
f5 / big-ip_webaccelerator 13.1.0 13.1.5.x
f5 / big-ip_websafe 13.1.0 13.1.5.x
f5 / big-ip_advanced_firewall_manager 14.1.0 14.1.5.x
f5 / big-ip_analytics 14.1.0 14.1.5.x
f5 / big-ip_access_policy_manager 14.1.0 14.1.5.x
f5 / big-ip_application_security_manager 14.1.0 14.1.5.x
f5 / big-ip_domain_name_system 14.1.0 14.1.5.x
f5 / big-ip_fraud_protection_service 14.1.0 14.1.5.x
f5 / big-ip_global_traffic_manager 14.1.0 14.1.5.x
f5 / big-ip_link_controller 14.1.0 14.1.5.x
f5 / big-ip_local_traffic_manager 14.1.0 14.1.5.x
f5 / big-ip_policy_enforcement_manager 14.1.0 14.1.5.x
f5 / big-ip_application_acceleration_manager 14.1.0 14.1.5.x
f5 / big-ip_access_policy_manager 17.1.0 17.1.0.x
f5 / big-ip_advanced_firewall_manager 17.1.0 17.1.0.x
f5 / big-ip_advanced_web_application_firewall 17.1.0 17.1.0.x
f5 / big-ip_analytics 17.1.0 17.1.0.x
f5 / big-ip_application_acceleration_manager 17.1.0 17.1.0.x
f5 / big-ip_application_security_manager 17.1.0 17.1.0.x
f5 / big-ip_application_visibility_and_reporting 17.1.0 17.1.0.x
f5 / big-ip_carrier-grade_nat 17.1.0 17.1.0.x
f5 / big-ip_ddos_hybrid_defender 17.1.0 17.1.0.x
f5 / big-ip_domain_name_system 17.1.0 17.1.0.x
f5 / big-ip_fraud_protection_service 17.1.0 17.1.0.x
f5 / big-ip_global_traffic_manager 17.1.0 17.1.0.x
f5 / big-ip_link_controller 17.1.0 17.1.0.x
f5 / big-ip_local_traffic_manager 17.1.0 17.1.0.x
f5 / big-ip_policy_enforcement_manager 17.1.0 17.1.0.x
f5 / big-ip_ssl_orchestrator 17.1.0 17.1.0.x
f5 / big-ip_webaccelerator 17.1.0 17.1.0.x
f5 / big-ip_websafe 17.1.0 17.1.0.x
f5 / big-ip_advanced_web_application_firewall 14.1.0 14.1.5.x
f5 / big-ip_application_visibility_and_reporting 14.1.0 14.1.5.x
f5 / big-ip_carrier-grade_nat 14.1.0 14.1.5.x
f5 / big-ip_ddos_hybrid_defender 14.1.0 14.1.5.x
f5 / big-ip_ssl_orchestrator 14.1.0 14.1.5.x
f5 / big-ip_webaccelerator 14.1.0 14.1.5.x
f5 / big-ip_websafe 14.1.0 14.1.5.x
f5 / big-ip_access_policy_manager 15.1.0 15.1.10.x
f5 / big-ip_access_policy_manager 16.1.0 16.1.4.x
f5 / big-ip_advanced_firewall_manager 15.1.0 15.1.10.x
f5 / big-ip_advanced_firewall_manager 16.1.0 16.1.4.x
f5 / big-ip_advanced_web_application_firewall 15.1.0 15.1.10.x
f5 / big-ip_advanced_web_application_firewall 16.1.0 16.1.4.x
f5 / big-ip_analytics 15.1.0 15.1.10.x
f5 / big-ip_analytics 16.1.0 16.1.4.x
f5 / big-ip_application_acceleration_manager 15.1.0 15.1.10.x
f5 / big-ip_application_acceleration_manager 16.1.0 16.1.4.x
f5 / big-ip_application_security_manager 15.1.0 15.1.10.x
f5 / big-ip_application_security_manager 16.1.0 16.1.4.x
f5 / big-ip_application_visibility_and_reporting 15.1.0 15.1.10.x
f5 / big-ip_application_visibility_and_reporting 16.1.0 16.1.4.x
f5 / big-ip_carrier-grade_nat 15.1.0 15.1.10.x
f5 / big-ip_carrier-grade_nat 16.1.0 16.1.4.x
f5 / big-ip_ddos_hybrid_defender 15.1.0 15.1.10.x
f5 / big-ip_ddos_hybrid_defender 16.1.0 16.1.4.x
f5 / big-ip_domain_name_system 15.1.0 15.1.10.x
f5 / big-ip_domain_name_system 16.1.0 16.1.4.x
f5 / big-ip_fraud_protection_service 15.1.0 15.1.10.x
f5 / big-ip_fraud_protection_service 16.1.0 16.1.4.x
f5 / big-ip_global_traffic_manager 15.1.0 15.1.10.x
f5 / big-ip_global_traffic_manager 16.1.0 16.1.4.x
f5 / big-ip_link_controller 15.1.0 15.1.10.x
f5 / big-ip_link_controller 16.1.0 16.1.4.x
f5 / big-ip_local_traffic_manager 15.1.0 15.1.10.x
f5 / big-ip_local_traffic_manager 16.1.0 16.1.4.x
f5 / big-ip_policy_enforcement_manager 15.1.0 15.1.10.x
f5 / big-ip_policy_enforcement_manager 16.1.0 16.1.4.x
f5 / big-ip_ssl_orchestrator 15.1.0 15.1.10.x
f5 / big-ip_ssl_orchestrator 16.1.0 16.1.4.x
f5 / big-ip_webaccelerator 15.1.0 15.1.10.x
f5 / big-ip_webaccelerator 16.1.0 16.1.4.x
f5 / big-ip_websafe 15.1.0 15.1.10.x
f5 / big-ip_websafe 16.1.0 16.1.4.x
f5 / nginx_plus r30 r30.x
f5 / nginx_plus r25 r29
f5 / nginx_plus r29 r29.x
f5 / big-ip_next 20.0.1 20.0.1.x
f5 / big-ip_next_service_proxy_for_kubernetes 1.5.0 1.8.2.x
f5 / nginx 1.9.5 1.25.2.x
f5 / nginx_ingress_controller 2.0.0 2.4.2.x
f5 / nginx_ingress_controller 3.0.0 3.3.0.x
apache / tomcat 11.0.0-milestone1 11.0.0-milestone1.x
apache / tomcat 11.0.0-milestone2 11.0.0-milestone2.x
apache / tomcat 11.0.0-milestone4 11.0.0-milestone4.x
apache / tomcat 11.0.0-milestone3 11.0.0-milestone3.x
apache / tomcat 11.0.0-milestone5 11.0.0-milestone5.x
apache / tomcat 11.0.0-milestone7 11.0.0-milestone7.x
apache / tomcat 11.0.0-milestone8 11.0.0-milestone8.x
apache / tomcat 11.0.0-milestone9 11.0.0-milestone9.x
apache / tomcat 11.0.0-milestone10 11.0.0-milestone10.x
apache / tomcat 11.0.0-milestone6 11.0.0-milestone6.x
apache / tomcat 11.0.0-milestone11 11.0.0-milestone11.x
apache / tomcat 9.0.0 9.0.80.x
apache / tomcat 8.5.0 8.5.93.x
apache / tomcat 10.1.0 10.1.13.x
apple / swiftnio_http/2 - 1.28.0
grpc / grpc 1.57.0 1.57.0.x
grpc / grpc 1.58.0 1.58.3
grpc / grpc - 1.56.3
microsoft / windows_10_22h2 - 10.0.19045.3570
microsoft / windows_10_1809 - 10.0.17763.4974
microsoft / windows_11_21h2 - 10.0.22000.2538
microsoft / windows_11_22h2 - 10.0.22621.2428
microsoft / windows_10_1607 - 10.0.14393.6351
microsoft / .net 7.0.0 7.0.12
microsoft / windows_10_21h2 - 10.0.19044.3570
microsoft / visual_studio_2022 17.7 17.7.5
microsoft / visual_studio_2022 17.6 17.6.8
microsoft / visual_studio_2022 17.4 17.4.12
microsoft / visual_studio_2022 17.0 17.2.20
microsoft / asp.net_core 6.0.0 6.0.23
microsoft / asp.net_core 7.0.0 7.0.12
microsoft / .net 6.0.0 6.0.23
microsoft / azure_kubernetes_service - 2023-10-08
microsoft / cbl-mariner - 2023-10-11
dena / h2o - 2023-10-10
facebook / proxygen - 2023.10.16.00
apache / traffic_server 9.0.0 9.2.3
apache / traffic_server 8.0.0 8.1.9
apache / apisix - 3.6.1
amazon / opensearch_data_prepper - 2.5.0
debian / debian_linux 10.0 10.0.x
debian / debian_linux 11.0 11.0.x
debian / debian_linux 12.0 12.0.x
kazu-yamamoto / http2 - 4.2.2
istio / istio 1.19.0 1.19.1
istio / istio 1.18.0 1.18.3
istio / istio - 1.17.6
varnish_cache_project / varnish_cache - 2023-10-10
traefik / traefik 3.0.0-beta3 3.0.0-beta3.x
traefik / traefik 3.0.0-beta2 3.0.0-beta2.x
traefik / traefik 3.0.0-beta1 3.0.0-beta1.x
traefik / traefik - 2.10.5
projectcontour / contour - 2023-10-11
linkerd / linkerd 2.14.0 2.14.0.x
linkerd / linkerd 2.14.1 2.14.1.x
linkerd / linkerd 2.13.1 2.13.1.x
linkerd / linkerd 2.13.0 2.13.0.x
linkerd / linkerd 2.12.0 2.12.5.x
linecorp / armeria - 1.26.0
redhat / enterprise_linux 6.0 6.0.x
redhat / jboss_enterprise_application_platform 6.0.0 6.0.0.x
redhat / jboss_fuse 6.0.0 6.0.0.x
redhat / satellite 6.0 6.0.x
redhat / jboss_enterprise_application_platform 7.0.0 7.0.0.x
redhat / decision_manager 7.0 7.0.x
redhat / enterprise_linux 8.0 8.0.x
redhat / single_sign-on 7.0 7.0.x
redhat / jboss_fuse 7.0.0 7.0.0.x
redhat / process_automation 7.0 7.0.x
redhat / jboss_data_grid 7.0.0 7.0.0.x
redhat / quay 3.0.0 3.0.0.x
redhat / openshift_container_platform 4.0 4.0.x
redhat / openstack_platform 16.1 16.1.x
redhat / advanced_cluster_management_for_kubernetes 2.0 2.0.x
redhat / openshift_service_mesh 2.0 2.0.x
redhat / jboss_a-mq 7 7.x
redhat / 3scale_api_management_platform 2.0 2.0.x
redhat / ceph_storage 5.0 5.0.x
redhat / openstack_platform 16.2 16.2.x
redhat / enterprise_linux 9.0 9.0.x
redhat / ansible_automation_platform 2.0 2.0.x
redhat / migration_toolkit_for_applications 6.0 6.0.x
redhat / build_of_optaplanner 8.0 8.0.x
redhat / advanced_cluster_security 4.0 4.0.x
redhat / advanced_cluster_security 3.0 3.0.x
redhat / cryostat 2.0 2.0.x
redhat / openshift_virtualization 4 4.x
redhat / certification_for_red_hat_enterprise_linux 9.0 9.0.x
redhat / certification_for_red_hat_enterprise_linux 8.0 8.0.x
redhat / openstack_platform 17.1 17.1.x
redhat / service_interconnect 1.0 1.0.x
redhat / service_telemetry_framework 1.5 1.5.x
fedoraproject / fedora 38 38.x
akka / http_server - 10.5.3
konghq / kong_gateway - 3.4.2
fedoraproject / fedora 37 37.x
jenkins / jenkins - 2.427.x
jenkins / jenkins - 2.414.2.x
apache / solr - 9.4.0
nodejs / node.js 18.0.0 18.18.2
nodejs / node.js 20.0.0 20.8.1
google.golang.org/grpc 1.58.0 1.58.3
google.golang.org/grpc 1.57.0 1.57.1
google.golang.org/grpc - 1.56.3
grpc / grpc - 1.59.2.x
openresty / openresty - 1.21.4.3
org.apache.tomcat / tomcat 11.0.0-M1 11.0.0-M12
org.apache.tomcat / tomcat 10.0.0 10.1.14
org.apache.tomcat / tomcat 9.0.0 9.0.81
org.apache.tomcat / tomcat 8.5.0 8.5.94
org.apache.tomcat.embed / tomcat-embed-core 11.0.0-M1 11.0.0-M12
org.apache.tomcat.embed / tomcat-embed-core 10.0.0 10.1.14
org.apache.tomcat.embed / tomcat-embed-core 9.0.0 9.0.81
org.apache.tomcat.embed / tomcat-embed-core 8.5.0 8.5.94
cisco / prime_infrastructure - 3.10.4
cisco / secure_malware_analytics - 2.19.2
cisco / secure_dynamic_attributes_connector - 2.2.0
cisco / firepower_threat_defense - 7.4.2
cisco / fog_director - 1.22
cisco / ios_xe - 17.15.1
cisco / prime_network_registrar - 11.2
cisco / prime_cable_provisioning - 7.2.1
cisco / prime_access_registrar - 9.3.3
cisco / iot_field_network_director - 4.11.0
cisco / ios_xr - 7.11.2
cisco / crosswork_zero_touch_provisioning - 6.0.0
cisco / crosswork_data_gateway - 4.1.3
cisco / expressway - x14.3.3
cisco / connected_mobile_experiences - 11.1
cisco / telepresence_video_communication_server - x14.3.3
cisco / unified_contact_center_enterprise_-_live_data_server - 12.6.2
cisco / ultra_cloud_core_-_session_management_function - 2024.02.0
cisco / ultra_cloud_core_-_serving_gateway_function - 2024.02.0
cisco / ultra_cloud_core_-_policy_control_function - 2024.01.0
cisco / ultra_cloud_core_-_policy_control_function 2024.01.0 2024.01.0.x
cisco / secure_web_appliance_firmware - 15.1.0
cisco / nx-os - 10.2\(7\)
cisco / nx-os 10.3\(1\) 10.3\(5\)
cisco / crosswork_data_gateway 5.0.0 5.0.2
cisco / business_process_automation - 3.2.003.009
cisco / nx-os 10.4\(1\) 10.4\(2\)