CVE-2023-44487

Confirmed PUBLISHED

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as...

Google · Cloud Platform
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.5 High EPSS 100.0%

At a Glance

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

cisa nessus_scanner
CVE Published
Oct 10, 2023
Exploitation Reported
Oct 10, 2023
CVSS
7.5 High
EPSS
100.0%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
ietf
http

2.0

Affected
Siemens
RUGGEDCOM APE1808

0 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SINEC NMS

0 to < V3.0

Affected
Siemens
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP

V3.1.5 to < *

Affected
n/a
n/a

n/a

Affected

CVE References

  • DSA-5522 debian.org · Vendor Advisory https://www.debian.org/security/2023/dsa-5522
  • DSA-5521 debian.org · Vendor Advisory https://www.debian.org/security/2023/dsa-5521
  • FEDORA-2023-ed2642fd58 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
  • FEDORA-2023-54fadada12 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
  • FEDORA-2023-5ff7bf1dd8 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists....
Show 139 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.