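The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A client can open a stream and cancel it at once with an RST_STREAM frame, so the server keeps doing per-request work while the cancelled streams no longer count against its concurrent-stream limit.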
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
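Products Affected
The Version column uses CPE notation: `*` is a wildcard, so the affected version range is not shown in this table, and `-` means no version is specified. Check each vendor's advisory for the fixed release.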
| Vendor | Product | Version |
|---|---|---|
| netapp | astra_control_center | - |
| microsoft | windows_10_1809 | * |
| microsoft | windows_server_2022 | - |
| microsoft | windows_10_1607 | * |
| redhat | openshift_serverless | - |
| cisco | crosswork_situation_manager | - |
| akka | http_server | * |
| apache | solr | * |
| linkerd | linkerd | 2.13.0 |
| cisco | prime_access_registrar | * |
| f5 | big-ip_ddos_hybrid_defender | * |
| f5 | big-ip_application_visibility_and_reporting | * |
| cisco | secure_malware_analytics | * |
| fedoraproject | fedora | 37 |
| redhat | jboss_fuse | 7.0.0 |
| microsoft | cbl-mariner | * |
| redhat | cryostat | 2.0 |
| redhat | service_interconnect | 1.0 |
| redhat | 3scale_api_management_platform | 2.0 |
| cisco | prime_infrastructure | * |
| cisco | firepower_threat_defense | * |
| cisco | ios_xr | * |
| redhat | openshift_container_platform_assisted_installer | - |
| redhat | self_node_remediation_operator | - |
| nghttp2 | nghttp2 | * |
| redhat | openshift_sandboxed_containers | - |
| f5 | big-ip_carrier-grade_nat | * |
| cisco | telepresence_video_communication_server | * |
| envoyproxy | envoy | 1.27.0 |
| f5 | big-ip_access_policy_manager | 17.1.0 |
| debian | debian_linux | 11.0 |
| f5 | big-ip_ddos_hybrid_defender | 17.1.0 |
| cisco | prime_cable_provisioning | * |
| redhat | advanced_cluster_management_for_kubernetes | 2.0 |
| redhat | openshift_pipelines | - |
| cisco | secure_dynamic_attributes_connector | * |
| f5 | big-ip_fraud_protection_service | * |
| redhat | openstack_platform | 17.1 |
| redhat | openshift_developer_tools_and_services | - |
| redhat | integration_camel_for_spring_boot | - |
| redhat | jboss_a-mq | 7 |
| redhat | openshift_secondary_scheduler_operator | - |
| cisco | iot_field_network_director | * |
| cisco | prime_network_registrar | * |
| redhat | openstack_platform | 16.2 |
| redhat | migration_toolkit_for_applications | 6.0 |
| f5 | big-ip_application_security_manager | * |
| redhat | ansible_automation_platform | 2.0 |
| fedoraproject | fedora | 38 |
| f5 | big-ip_next | 20.0.1 |
| envoyproxy | envoy | 1.24.10 |
| nodejs | node.js | * |
| redhat | certification_for_red_hat_enterprise_linux | 9.0 |
| redhat | jboss_enterprise_application_platform | 7.0.0 |
| f5 | big-ip_analytics | * |
| microsoft | windows_11_21h2 | * |
| cisco | ultra_cloud_core_-_session_management_function | * |
| linkerd | linkerd | * |
| f5 | big-ip_webaccelerator | * |
| redhat | satellite | 6.0 |
| golang | http2 | * |
| redhat | jboss_a-mq_streams | - |
| f5 | big-ip_domain_name_system | 17.1.0 |
| redhat | enterprise_linux | 8.0 |
| cisco | crosswork_zero_touch_provisioning | * |
| redhat | logging_subsystem_for_red_hat_openshift | - |
| f5 | nginx_plus | * |
| f5 | big-ip_application_acceleration_manager | 17.1.0 |
| netty | netty | * |
| microsoft | .net | * |
| f5 | big-ip_analytics | 17.1.0 |
| redhat | openshift_dev_spaces | - |
| redhat | advanced_cluster_security | 3.0 |
| f5 | big-ip_application_acceleration_manager | * |
| cisco | unified_contact_center_domain_manager | - |
| microsoft | windows_11_22h2 | * |
| redhat | machine_deletion_remediation_operator | - |
| redhat | fence_agents_remediation_operator | - |
| cisco | ultra_cloud_core_-_serving_gateway_function | * |
| f5 | big-ip_link_controller | * |
| f5 | big-ip_domain_name_system | * |
| apache | apisix | * |
| traefik | traefik | 3.0.0 |
| f5 | big-ip_global_traffic_manager | * |
| redhat | integration_service_registry | - |
| f5 | big-ip_application_security_manager | 17.1.0 |
| redhat | certification_for_red_hat_enterprise_linux | 8.0 |
| redhat | jboss_enterprise_application_platform | 6.0.0 |
| f5 | big-ip_advanced_firewall_manager | * |
| redhat | openshift | - |
| f5 | big-ip_ssl_orchestrator | * |
| cisco | fog_director | * |
| redhat | support_for_spring_boot | - |
| redhat | enterprise_linux | 9.0 |
| redhat | jboss_core_services | - |
| varnish_cache_project | varnish_cache | * |
| f5 | big-ip_fraud_protection_service | 17.1.0 |
| netapp | oncommand_insight | - |
| microsoft | windows_server_2019 | - |
| cisco | secure_web_appliance_firmware | * |
| f5 | big-ip_advanced_firewall_manager | 17.1.0 |
| facebook | proxygen | * |
| redhat | run_once_duration_override_operator | - |
| redhat | network_observability_operator | - |
| apache | tomcat | * |
| caddyserver | caddy | * |
| istio | istio | * |
| cisco | connected_mobile_experiences | * |
| cisco | unified_attendant_console_advanced | - |
| f5 | big-ip_webaccelerator | 17.1.0 |
| grpc | grpc | 1.57.0 |
| cisco | ultra_cloud_core_-_policy_control_function | * |
| f5 | big-ip_local_traffic_manager | * |
| apache | tomcat | 11.0.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | decision_manager | 7.0 |
| jenkins | jenkins | * |
| redhat | quay | 3.0.0 |
| cisco | expressway | * |
| redhat | cost_management | - |
| redhat | openshift_service_mesh | 2.0 |
| cisco | crosswork_data_gateway | * |
| f5 | big-ip_global_traffic_manager | 17.1.0 |
| f5 | big-ip_carrier-grade_nat | 17.1.0 |
| f5 | big-ip_next_service_proxy_for_kubernetes | * |
| ietf | http | 2.0 |
| f5 | big-ip_advanced_web_application_firewall | * |
| f5 | big-ip_link_controller | 17.1.0 |
| redhat | web_terminal | - |
| f5 | big-ip_policy_enforcement_manager | * |
| apple | swiftnio_http/2 | * |
| grpc | grpc | * |
| cisco | ios_xe | * |
| redhat | advanced_cluster_security | 4.0 |
| microsoft | windows_10_21h2 | * |
| redhat | single_sign-on | 7.0 |
| f5 | big-ip_application_visibility_and_reporting | 17.1.0 |
| microsoft | visual_studio_2022 | * |
| redhat | cert-manager_operator_for_red_hat_openshift | - |
| redhat | openshift_gitops | - |
| traefik | traefik | * |
| microsoft | azure_kubernetes_service | * |
| linecorp | armeria | * |
| redhat | openshift_data_science | - |
| dena | h2o | * |
| redhat | service_telemetry_framework | 1.5 |
| cisco | business_process_automation | * |
| redhat | node_healthcheck_operator | - |
| golang | go | * |
| envoyproxy | envoy | 1.25.9 |
| projectcontour | contour | * |
| cisco | unified_contact_center_management_portal | - |
| f5 | big-ip_ssl_orchestrator | 17.1.0 |
| microsoft | windows_10_22h2 | * |
| f5 | nginx_plus | r29 |
| f5 | nginx | * |
| konghq | kong_gateway | * |
| redhat | migration_toolkit_for_virtualization | - |
| redhat | build_of_quarkus | - |
| redhat | node_maintenance_operator | - |
| microsoft | asp.net_core | * |
| f5 | nginx_plus | r30 |
| microsoft | windows_server_2016 | - |
| redhat | ceph_storage | 5.0 |
| cisco | enterprise_chat_and_email | - |
| cisco | unified_contact_center_enterprise | - |
| cisco | crosswork_data_gateway | 5.0 |
| redhat | openstack_platform | 16.1 |
| apache | traffic_server | * |
| f5 | big-ip_access_policy_manager | * |
| redhat | jboss_fuse | 6.0.0 |
| f5 | big-ip_websafe | * |
| debian | debian_linux | 12.0 |
| cisco | ultra_cloud_core_-_policy_control_function | 2024.01.0 |
| amazon | opensearch_data_prepper | * |
| debian | debian_linux | 10.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | jboss_data_grid | 7.0.0 |
| redhat | openshift_virtualization | 4 |
| redhat | migration_toolkit_for_containers | - |
| redhat | process_automation | 7.0 |
| eclipse | jetty | * |
| f5 | big-ip_local_traffic_manager | 17.1.0 |
| linkerd | linkerd | 2.13.1 |
| redhat | openshift_distributed_tracing | - |
| f5 | nginx_ingress_controller | * |
| cisco | data_center_network_manager | - |
| envoyproxy | envoy | 1.26.4 |
| f5 | big-ip_advanced_web_application_firewall | 17.1.0 |
| redhat | openshift_api_for_data_protection | - |
| openresty | openresty | * |
| f5 | big-ip_policy_enforcement_manager | 17.1.0 |
| linkerd | linkerd | 2.14.1 |
| redhat | integration_camel_k | - |
| cisco | unified_contact_center_enterprise_-_live_data_server | * |
| linkerd | linkerd | 2.14.0 |
| redhat | build_of_optaplanner | 8.0 |
| kazu-yamamoto | http2 | * |
| cisco | nx-os | * |
| golang | networking | * |
| f5 | big-ip_websafe | 17.1.0 |