CVE-2023-44487
Confirmed PUBLISHEDThe HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as...
Recommended Action
Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
At a Glance
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE Published
- Oct 10, 2023
- Exploitation Reported
- Oct 10, 2023
- CVSS
- 7.5 High
- EPSS
- 100.0%
Affected Versions
| Vendor | Product | Version | Status |
|---|---|---|---|
| ietf |
http
|
2.0 |
Affected |
| Siemens |
RUGGEDCOM APE1808
|
0 to < * |
Affected |
| Siemens |
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
|
V3.1.5 to < * |
Affected |
| Siemens |
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP
|
V3.1.5 to < * |
Affected |
| Siemens |
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
|
V3.1.5 to < * |
Affected |
| Siemens |
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
|
V3.1.5 to < * |
Affected |
| Siemens |
SINEC NMS
|
0 to < V3.0 |
Affected |
| Siemens |
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP
|
V3.1.5 to < * |
Affected |
| n/a |
n/a
|
n/a |
Affected |
CVE References
- DSA-5522 debian.org · Vendor Advisory https://www.debian.org/security/2023/dsa-5522
- DSA-5521 debian.org · Vendor Advisory https://www.debian.org/security/2023/dsa-5521
- FEDORA-2023-ed2642fd58 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-54fadada12 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-5ff7bf1dd8 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
Show 139 more references
- FEDORA-2023-17efd3f2cd lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-d5030c983c lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-0259c3f26f lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-2a9214af5f lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-e9c04d81c1 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-f66fc0f62a lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-4d2fd884ea lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-b2c50535cb lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-fe53e13b5b lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-4bf641255e lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- DSA-5540 debian.org · Vendor Advisory https://www.debian.org/security/2023/dsa-5540
- FEDORA-2023-1caffb88af lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-3f70b8d406 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-7b52921cae lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-7934802344 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-dbe64661af lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-822aab0a5a lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- DSA-5549 debian.org · Vendor Advisory https://www.debian.org/security/2023/dsa-5549
- FEDORA-2023-c0c6a91330 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- FEDORA-2023-492b7be466 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
- DSA-5558 debian.org · Vendor Advisory https://www.debian.org/security/2023/dsa-5558
- GLSA-202311-09 security.gentoo.org · Vendor Advisory https://security.gentoo.org/glsa/202311-09
- DSA-5570 debian.org · Vendor Advisory https://www.debian.org/security/2023/dsa-5570
- [oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2023/10/10/7
- [oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2023/10/10/6
- [debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update lists.debian.org · Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
- [oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2023/10/13/4
- [oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2023/10/13/9
- [debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update lists.debian.org · Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
- [debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update lists.debian.org · Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
- [oss-security] 20231018 Vulnerability in Jenkins openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2023/10/18/4
- [oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2023/10/18/8
- [oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2023/10/19/6
- [oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2023/10/20/8
- [debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update lists.debian.org · Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
- [debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update lists.debian.org · Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
- [debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update lists.debian.org · Mailing List https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
- [debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update lists.debian.org · Mailing List https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
- GitHub — dotnet/core github.com · CVE Record https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1de...
- blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-a... blog.cloudflare.com · CVE Record https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddo...
- aws.amazon.com/security/security-bulletins/AWS-2023-011 aws.amazon.com · CVE Record https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
- cloud.google.com/blog/products/identity-security/how-it-works... cloud.google.com · CVE Record https://cloud.google.com/blog/products/identity-security/how-it-works...
- nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-... nginx.com · CVE Record https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-ngi...
- cloud.google.com/blog/products/identity-security/google-cloud... cloud.google.com · CVE Record https://cloud.google.com/blog/products/identity-security/google-cloud...
- news.ycombinator.com/item news.ycombinator.com · CVE Record https://news.ycombinator.com/item?id=37831062
- blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-d... blog.cloudflare.com · CVE Record https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breakin...
- phoronix.com/news/HTTP2-Rapid-Reset-Attack phoronix.com · CVE Record https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
- GitHub — envoyproxy/envoy github.com · CVE Record https://github.com/envoyproxy/envoy/pull/30055
- GitHub — haproxy/haproxy github.com · CVE Record https://github.com/haproxy/haproxy/issues/2312
- GitHub — eclipse/jetty.project github.com · CVE Record https://github.com/eclipse/jetty.project/issues/10679
- forums.swift.org/t/swift-nio-http2-security-update-cve-2023-4... forums.swift.org · CVE Record https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-4...
- GitHub — nghttp2/nghttp2 github.com · CVE Record https://github.com/nghttp2/nghttp2/pull/1961
- GitHub — netty/netty github.com · CVE Record https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042...
- GitHub — alibaba/tengine github.com · CVE Record https://github.com/alibaba/tengine/issues/1872
- GitHub — apache/tomcat github.com · CVE Record https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
- news.ycombinator.com/item news.ycombinator.com · CVE Record https://news.ycombinator.com/item?id=37830987
- news.ycombinator.com/item news.ycombinator.com · CVE Record https://news.ycombinator.com/item?id=37830998
- GitHub — caddyserver/caddy github.com · CVE Record https://github.com/caddyserver/caddy/issues/5877
- bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-da... bleepingcomputer.com · CVE Record https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset...
- GitHub — bcdannyboy/CVE-2023-44487 github.com · CVE Record https://github.com/bcdannyboy/CVE-2023-44487
- GitHub — grpc/grpc-go github.com · CVE Record https://github.com/grpc/grpc-go/pull/6703
- GitHub — icing/mod_h2 github.com · CVE Record https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32c...
- GitHub — nghttp2/nghttp2 github.com · CVE Record https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
- mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR... mailman.nginx.org · CVE Record https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBX...
- my.f5.com/manage/s/article/K000137106 my.f5.com · CVE Record https://my.f5.com/manage/s/article/K000137106
- msrc.microsoft.com/blog/2023/10/microsoft-response-to-distribut... msrc.microsoft.com · CVE Record https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distrib...
- bugzilla.proxmox.com/show_bug.cgi bugzilla.proxmox.com · CVE Record https://bugzilla.proxmox.com/show_bug.cgi?id=4988
- cgit.freebsd.org/ports/commit cgit.freebsd.org · CVE Record https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9...
- seanmonstar.com/post/730794151136935936/hyper-http2-rapid-re... seanmonstar.com · CVE Record https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-res...
- GitHub — microsoft/CBL-Mariner github.com · CVE Record https://github.com/microsoft/CBL-Mariner/pull/6381
- groups.google.com/g/golang-announce/c/iNNxDTCjZvo groups.google.com · CVE Record https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
- GitHub — facebook/proxygen github.com · CVE Record https://github.com/facebook/proxygen/pull/466
- gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 gist.github.com · CVE Record https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
- GitHub — micrictor/http2-rst-stream github.com · CVE Record https://github.com/micrictor/http2-rst-stream
- edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-... edg.io · CVE Record https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
- openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerabi... openssf.org · CVE Record https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-...
- GitHub — h2o/h2o github.com · CVE Record https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
- GitHub — h2o/h2o github.com · CVE Record https://github.com/h2o/h2o/pull/3291
- GitHub — nodejs/node github.com · CVE Record https://github.com/nodejs/node/pull/50121
- GitHub — dotnet/announcements github.com · CVE Record https://github.com/dotnet/announcements/issues/277
- GitHub — golang/go github.com · CVE Record https://github.com/golang/go/issues/63417
- GitHub — advisories/GHSA-vx74-f528-fxqg github.com · CVE Record https://github.com/advisories/GHSA-vx74-f528-fxqg
- GitHub — apache/trafficserver github.com · CVE Record https://github.com/apache/trafficserver/pull/10564
- msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 msrc.microsoft.com · CVE Record https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
- tomcat.apache.org/security-10.html tomcat.apache.org · CVE Record https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10....
- Apache Mailing List lists.apache.org · CVE Record https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
- OSS-Security Mailing List openwall.com · CVE Record https://www.openwall.com/lists/oss-security/2023/10/10/6
- haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-r... haproxy.com · CVE Record https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-ra...
- GitHub — opensearch-project/data-prepper github.com · CVE Record https://github.com/opensearch-project/data-prepper/issues/3474
- GitHub — kubernetes/kubernetes github.com · CVE Record https://github.com/kubernetes/kubernetes/pull/121120
- GitHub — oqtane/oqtane.framework github.com · CVE Record https://github.com/oqtane/oqtane.framework/discussions/3367
- GitHub — advisories/GHSA-xpw8-rcwv-8f8p github.com · CVE Record https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
- netty.io/news/2023/10/10/4-1-100-Final.html netty.io · CVE Record https://netty.io/news/2023/10/10/4-1-100-Final.html
- cisa.gov/news-events/alerts/2023/10/10/http2-rapid-re... cisa.gov · CVE Record https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-...
- theregister.com/2023/10/10/http2_rapid_reset_zeroday theregister.com · CVE Record https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
- blog.qualys.com/vulnerabilities-threat-research/2023/10/10/c... blog.qualys.com · CVE Record https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cv...
- news.ycombinator.com/item news.ycombinator.com · CVE Record https://news.ycombinator.com/item?id=37837043
- GitHub — kazu-yamamoto/http2 github.com · CVE Record https://github.com/kazu-yamamoto/http2/issues/93
- martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-st... martinthomson.github.io · CVE Record https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbi...
- GitHub — kazu-yamamoto/http2 github.com · CVE Record https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1c...
- GitHub — apache/httpd github.com · CVE Record https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0...
- access.redhat.com/security/cve/cve-2023-44487 access.redhat.com · CVE Record https://access.redhat.com/security/cve/cve-2023-44487
- GitHub — ninenines/cowboy github.com · CVE Record https://github.com/ninenines/cowboy/issues/1615
- GitHub — varnishcache/varnish-cache github.com · CVE Record https://github.com/varnishcache/varnish-cache/issues/3996
- GitHub — tempesta-tech/tempesta github.com · CVE Record https://github.com/tempesta-tech/tempesta/issues/1986
- blog.vespa.ai/cve-2023-44487 blog.vespa.ai · CVE Record https://blog.vespa.ai/cve-2023-44487/
- GitHub — etcd-io/etcd github.com · CVE Record https://github.com/etcd-io/etcd/issues/16740
- darkreading.com/cloud/internet-wide-zero-day-bug-fuels-large... darkreading.com · CVE Record https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-la...
- istio.io/latest/news/security/istio-security-2023-004 istio.io · CVE Record https://istio.io/latest/news/security/istio-security-2023-004/
- GitHub — junkurihara/rust-rpxy github.com · CVE Record https://github.com/junkurihara/rust-rpxy/issues/97
- bugzilla.suse.com/show_bug.cgi bugzilla.suse.com · CVE Record https://bugzilla.suse.com/show_bug.cgi?id=1216123
- bugzilla.redhat.com/show_bug.cgi bugzilla.redhat.com · CVE Record https://bugzilla.redhat.com/show_bug.cgi?id=2242803
- ubuntu.com/security/CVE-2023-44487 ubuntu.com · CVE Record https://ubuntu.com/security/CVE-2023-44487
- community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 community.traefik.io · CVE Record https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-4448...
- GitHub — advisories/GHSA-qppj-fm5r-hxr3 github.com · CVE Record https://github.com/advisories/GHSA-qppj-fm5r-hxr3
- GitHub — apache/httpd-site github.com · CVE Record https://github.com/apache/httpd-site/pull/10
- GitHub — projectcontour/contour github.com · CVE Record https://github.com/projectcontour/contour/pull/5826
- GitHub — linkerd/website github.com · CVE Record https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc827...
- GitHub — line/armeria github.com · CVE Record https://github.com/line/armeria/pull/5232
- blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty blog.litespeedtech.com · CVE Record https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerab...
- security.paloaltonetworks.com/CVE-2023-44487 security.paloaltonetworks.com · CVE Record https://security.paloaltonetworks.com/CVE-2023-44487
- GitHub — akka/akka-http github.com · CVE Record https://github.com/akka/akka-http/issues/4323
- GitHub — openresty/openresty github.com · CVE Record https://github.com/openresty/openresty/issues/930
- GitHub — apache/apisix github.com · CVE Record https://github.com/apache/apisix/issues/10320
- GitHub — Azure/AKS github.com · CVE Record https://github.com/Azure/AKS/issues/3947
- GitHub — Kong/kong github.com · CVE Record https://github.com/Kong/kong/discussions/11741
- GitHub — arkrwn/PoC github.com · CVE Record https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
- netlify.com/blog/netlify-successfully-mitigates-cve-2023... netlify.com · CVE Record https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-...
- GitHub — caddyserver/caddy github.com · CVE Record https://github.com/caddyserver/caddy/releases/tag/v2.7.5
- arstechnica.com/security/2023/10/how-ddosers-used-the-http-2... arstechnica.com · CVE Record https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-...
- lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025... lists.w3.org · CVE Record https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
- linkerd.io/2023/10/12/linkerd-cve-2023-44487 linkerd.io · CVE Record https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
- security.netapp.com/advisory/ntap-20231016-0001 security.netapp.com · CVE Record https://security.netapp.com/advisory/ntap-20231016-0001/
- discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-af... discuss.hashicorp.com · CVE Record https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-bounda...
- security.netapp.com/advisory/ntap-20240426-0007 security.netapp.com · CVE Record https://security.netapp.com/advisory/ntap-20240426-0007/
- security.netapp.com/advisory/ntap-20240621-0006 security.netapp.com · CVE Record https://security.netapp.com/advisory/ntap-20240621-0006/
- security.netapp.com/advisory/ntap-20240621-0007 security.netapp.com · CVE Record https://security.netapp.com/advisory/ntap-20240621-0007/
- GitHub — grpc/grpc github.com · CVE Record https://github.com/grpc/grpc/releases/tag/v1.59.2
- sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisor... sec.cloudapps.cisco.com · CVE Record https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurity...
Recommended Actions
- Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
- Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
- Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
Per-source evidence links for KEV attestations are available through the KEVIntel Pro API.
Learn about Pro API access| Source | Added |
|---|---|
| CISA First | 2023-10-10 00:00 UTC |
| CVE | 2026-06-05 09:28 UTC |
No detection artifacts or sensor request patterns are available for this CVE yet.
Check back as sensor telemetry and scanner integrations are updated.
Virtual Patch
Compensating WAF rules to help reduce exposure to this CVE. Rule content and deployable vendor exports are available with KEVIntel Enterprise.
KEVIntel does not currently have a virtual patch for this CVE. When available, KEVIntel virtual patches ship as deployable ModSecurity, Cloudflare, and AWS WAF rules.
Enterprise feature. Virtual patch rule content and deployable vendor exports (ModSecurity, Cloudflare, AWS WAF) are available to KEVIntel Enterprise users.
CVSS Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitation Status
Exploited in the wild
Recorded 2023-10-10 00:00:00 UTC · CISA
Proof of concept available
Recorded 2023-10-10 14:20:42 UTC · GitHub
Weaknesses (CWE)
-
Uncontrolled Resource Consumption
Scanner Integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nessus | https://www.tenable.com/plugins/nessus/237067 | Jun 02, 2025 |
Recent Mentions
Github Advisory Database (Maven) · Jun 08, 2026
Impact DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2Settings never inserts SETTINGS_MAX_CONCURRENT_STREAMS by default (Http2Settings.java:305-307 only clamps a user-supplied value). Unless the application explicitly calls initialSettings().maxConcurrentStreams(n), a Netty HTTP/2 server advertises no limit and enforces none locally. Each open stream allocates a DefaultStream object, PropertyMap slots, flow-controller state and IntObjectHashMap entry; with ~2^30 permissible odd stream IDs a single TCP connection can create hundreds of thousands of long-lived stream objects. This is also the precondition for CVE-2023-44487-style Rapid-Reset amplification, where the absence of a low concurrent cap multiplies backend work. Resources https://www.rfc-editor.org/rfc/rfc7540.html#section-6.5.2 References https://github.com/netty/netty/security/advisories/GHSA-5x3r-wrvg-rp6q https://github.com/netty/netty/releases/tag/netty-4.1.135.Final https://github.com/netty/netty/releases/tag/netty-4.2.15.Final https://github.com/advisories/GHSA-5x3r-wrvg-rp6q
Potential Proof of Concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-12-03 14:54:21 UTC · 3 stars
github · Created 2023-10-25 09:11:46 UTC · 2 stars
github · Created 2023-10-16 11:07:50 UTC · 19 stars
A python based exploit to test out rapid reset attack (CVE-2023-44487)
github · Created 2023-10-11 01:59:47 UTC · 54 stars
Proof of concept for DoS exploit
github · Created 2023-10-10 14:20:42 UTC · 230 stars
Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487
Timeline
Key exploitation, disclosure, scanner coverage, and KEV attestation events for this CVE.
-
09:28 UTC about 1 month ago09:28 UTC · about 1 month ago
KEV confirmed by CVE
Exploitation attested by an external source
-
09:26 UTC about 1 year ago09:26 UTC · about 1 year ago
Nessus plugin available
Scanner coverage available
-
14:20 UTC almost 3 years ago14:20 UTC · almost 3 years ago
Public PoC available
Public proof-of-concept code published
-
00:00 UTC almost 3 years ago00:00 UTC · almost 3 years ago
Added to CISA KEV
Listed in the CISA Known Exploited Vulnerabilities catalog
-
00:00 UTC almost 3 years ago00:00 UTC · almost 3 years ago
CVE published
Vulnerability disclosed publicly
-
00:00 UTC almost 3 years ago00:00 UTC · almost 3 years ago
CVE ID reserved
Identifier reserved by the CNA
Automate This Intelligence with the Pro API
Confidence scoring, exploit status, sensor telemetry, PoCs, scanner integrations, mentions, and tags are available programmatically for VM, SOC, and CTI workflows.
Pro API Example
GET /api/v2/pro/kevs/CVE-2023-44487
{
"cve_id": "CVE-2023-44487",
"title": "The HTTP/2 protocol allows a denial of service (server resource consumption) ...",
"affected_vendor": "Google",
"affected_product": "Cloud Platform",
"affected_versions": [
{ "vendor": "...", "product": "...", "status": "affected", "display_label": "..." }
],
"confidence": "Confirmed",
"cvss_score": 7.5,
"epss_score": 0.99999,
"exploit_status": {
"exploited_in_the_wild": true,
"active_exploitation_observed": false
},
"sensor_telemetry": { "...": "Pro API fields" },
"proof_of_concepts": [ "..." ],
"scanner_integrations": [ "..." ]
}