MidnightBSD

Advisories for kazu-yamamoto

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |

Products Affected

| Vendor | Product | Version |
|---|---|---|
| netapp | astra_control_center | - |
| microsoft | windows_10_1809 | * |
| microsoft | windows_server_2022 | - |
| microsoft | windows_10_1607 | * |
| redhat | openshift_serverless | - |
| cisco | crosswork_situation_manager | - |
| akka | http_server | * |
| apache | solr | * |
| linkerd | linkerd | 2.13.0 |
| cisco | prime_access_registrar | * |
| f5 | big-ip_ddos_hybrid_defender | * |
| f5 | big-ip_application_visibility_and_reporting | * |
| cisco | secure_malware_analytics | * |
| fedoraproject | fedora | 37 |
| redhat | jboss_fuse | 7.0.0 |
| microsoft | cbl-mariner | * |
| redhat | cryostat | 2.0 |
| redhat | service_interconnect | 1.0 |
| redhat | 3scale_api_management_platform | 2.0 |
| cisco | prime_infrastructure | * |
| cisco | firepower_threat_defense | * |
| cisco | ios_xr | * |
| redhat | openshift_container_platform_assisted_installer | - |
| redhat | self_node_remediation_operator | - |
| nghttp2 | nghttp2 | * |
| redhat | openshift_sandboxed_containers | - |
| f5 | big-ip_carrier-grade_nat | * |
| cisco | telepresence_video_communication_server | * |
| envoyproxy | envoy | 1.27.0 |
| f5 | big-ip_access_policy_manager | 17.1.0 |
| debian | debian_linux | 11.0 |
| f5 | big-ip_ddos_hybrid_defender | 17.1.0 |
| cisco | prime_cable_provisioning | * |
| redhat | advanced_cluster_management_for_kubernetes | 2.0 |
| redhat | openshift_pipelines | - |
| cisco | secure_dynamic_attributes_connector | * |
| f5 | big-ip_fraud_protection_service | * |
| redhat | openstack_platform | 17.1 |
| redhat | openshift_developer_tools_and_services | - |
| redhat | integration_camel_for_spring_boot | - |
| redhat | jboss_a-mq | 7 |
| redhat | openshift_secondary_scheduler_operator | - |
| cisco | iot_field_network_director | * |
| cisco | prime_network_registrar | * |
| redhat | openstack_platform | 16.2 |
| redhat | migration_toolkit_for_applications | 6.0 |
| f5 | big-ip_application_security_manager | * |
| redhat | ansible_automation_platform | 2.0 |
| fedoraproject | fedora | 38 |
| f5 | big-ip_next | 20.0.1 |
| envoyproxy | envoy | 1.24.10 |
| nodejs | node.js | * |
| redhat | certification_for_red_hat_enterprise_linux | 9.0 |
| redhat | jboss_enterprise_application_platform | 7.0.0 |
| f5 | big-ip_analytics | * |
| microsoft | windows_11_21h2 | * |
| cisco | ultra_cloud_core_-_session_management_function | * |
| linkerd | linkerd | * |
| f5 | big-ip_webaccelerator | * |
| redhat | satellite | 6.0 |
| golang | http2 | * |
| redhat | jboss_a-mq_streams | - |
| f5 | big-ip_domain_name_system | 17.1.0 |
| redhat | enterprise_linux | 8.0 |
| cisco | crosswork_zero_touch_provisioning | * |
| redhat | logging_subsystem_for_red_hat_openshift | - |
| f5 | nginx_plus | * |
| f5 | big-ip_application_acceleration_manager | 17.1.0 |
| netty | netty | * |
| microsoft | .net | * |
| f5 | big-ip_analytics | 17.1.0 |
| redhat | openshift_dev_spaces | - |
| redhat | advanced_cluster_security | 3.0 |
| f5 | big-ip_application_acceleration_manager | * |
| cisco | unified_contact_center_domain_manager | - |
| microsoft | windows_11_22h2 | * |
| redhat | machine_deletion_remediation_operator | - |
| redhat | fence_agents_remediation_operator | - |
| cisco | ultra_cloud_core_-_serving_gateway_function | * |
| f5 | big-ip_link_controller | * |
| f5 | big-ip_domain_name_system | * |
| apache | apisix | * |
| traefik | traefik | 3.0.0 |
| f5 | big-ip_global_traffic_manager | * |
| redhat | integration_service_registry | - |
| f5 | big-ip_application_security_manager | 17.1.0 |
| redhat | certification_for_red_hat_enterprise_linux | 8.0 |
| redhat | jboss_enterprise_application_platform | 6.0.0 |
| f5 | big-ip_advanced_firewall_manager | * |
| redhat | openshift | - |
| f5 | big-ip_ssl_orchestrator | * |
| cisco | fog_director | * |
| redhat | support_for_spring_boot | - |
| redhat | enterprise_linux | 9.0 |
| redhat | jboss_core_services | - |
| varnish_cache_project | varnish_cache | * |
| f5 | big-ip_fraud_protection_service | 17.1.0 |
| netapp | oncommand_insight | - |
| microsoft | windows_server_2019 | - |
| cisco | secure_web_appliance_firmware | * |
| f5 | big-ip_advanced_firewall_manager | 17.1.0 |
| facebook | proxygen | * |
| redhat | run_once_duration_override_operator | - |
| redhat | network_observability_operator | - |
| apache | tomcat | * |
| caddyserver | caddy | * |
| istio | istio | * |
| cisco | connected_mobile_experiences | * |
| cisco | unified_attendant_console_advanced | - |
| f5 | big-ip_webaccelerator | 17.1.0 |
| grpc | grpc | 1.57.0 |
| cisco | ultra_cloud_core_-_policy_control_function | * |
| f5 | big-ip_local_traffic_manager | * |
| apache | tomcat | 11.0.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | decision_manager | 7.0 |
| jenkins | jenkins | * |
| redhat | quay | 3.0.0 |
| cisco | expressway | * |
| redhat | cost_management | - |
| redhat | openshift_service_mesh | 2.0 |
| cisco | crosswork_data_gateway | * |
| f5 | big-ip_global_traffic_manager | 17.1.0 |
| f5 | big-ip_carrier-grade_nat | 17.1.0 |
| f5 | big-ip_next_service_proxy_for_kubernetes | * |
| ietf | http | 2.0 |
| f5 | big-ip_advanced_web_application_firewall | * |
| f5 | big-ip_link_controller | 17.1.0 |
| redhat | web_terminal | - |
| f5 | big-ip_policy_enforcement_manager | * |
| apple | swiftnio_http/2 | * |
| grpc | grpc | * |
| cisco | ios_xe | * |
| redhat | advanced_cluster_security | 4.0 |
| microsoft | windows_10_21h2 | * |
| redhat | single_sign-on | 7.0 |
| f5 | big-ip_application_visibility_and_reporting | 17.1.0 |
| microsoft | visual_studio_2022 | * |
| redhat | cert-manager_operator_for_red_hat_openshift | - |
| redhat | openshift_gitops | - |
| traefik | traefik | * |
| microsoft | azure_kubernetes_service | * |
| linecorp | armeria | * |
| redhat | openshift_data_science | - |
| dena | h2o | * |
| redhat | service_telemetry_framework | 1.5 |
| cisco | business_process_automation | * |
| redhat | node_healthcheck_operator | - |
| golang | go | * |
| envoyproxy | envoy | 1.25.9 |
| projectcontour | contour | * |
| cisco | unified_contact_center_management_portal | - |
| f5 | big-ip_ssl_orchestrator | 17.1.0 |
| microsoft | windows_10_22h2 | * |
| f5 | nginx_plus | r29 |
| f5 | nginx | * |
| konghq | kong_gateway | * |
| redhat | migration_toolkit_for_virtualization | - |
| redhat | build_of_quarkus | - |
| redhat | node_maintenance_operator | - |
| microsoft | asp.net_core | * |
| f5 | nginx_plus | r30 |
| microsoft | windows_server_2016 | - |
| redhat | ceph_storage | 5.0 |
| cisco | enterprise_chat_and_email | - |
| cisco | unified_contact_center_enterprise | - |
| cisco | crosswork_data_gateway | 5.0 |
| redhat | openstack_platform | 16.1 |
| apache | traffic_server | * |
| f5 | big-ip_access_policy_manager | * |
| redhat | jboss_fuse | 6.0.0 |
| f5 | big-ip_websafe | * |
| debian | debian_linux | 12.0 |
| cisco | ultra_cloud_core_-_policy_control_function | 2024.01.0 |
| amazon | opensearch_data_prepper | * |
| debian | debian_linux | 10.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | jboss_data_grid | 7.0.0 |
| redhat | openshift_virtualization | 4 |
| redhat | migration_toolkit_for_containers | - |
| redhat | process_automation | 7.0 |
| eclipse | jetty | * |
| f5 | big-ip_local_traffic_manager | 17.1.0 |
| linkerd | linkerd | 2.13.1 |
| redhat | openshift_distributed_tracing | - |
| f5 | nginx_ingress_controller | * |
| cisco | data_center_network_manager | - |
| envoyproxy | envoy | 1.26.4 |
| f5 | big-ip_advanced_web_application_firewall | 17.1.0 |
| redhat | openshift_api_for_data_protection | - |
| openresty | openresty | * |
| f5 | big-ip_policy_enforcement_manager | 17.1.0 |
| linkerd | linkerd | 2.14.1 |
| redhat | integration_camel_k | - |
| cisco | unified_contact_center_enterprise_-_live_data_server | * |
| linkerd | linkerd | 2.14.0 |
| redhat | build_of_optaplanner | 8.0 |
| kazu-yamamoto | http2 | * |
| cisco | nx-os | * |
| golang | networking | * |
| f5 | big-ip_websafe | 17.1.0 |