U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2023-44487 Detail

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://www.openwall.com/lists/oss-security/2023/10/10/6 MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/10/7 MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/13/4 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/13/9 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/18/4 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/18/8 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/19/6 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2023/10/20/8 CVE, MITRE Mailing List  Third Party Advisory 
http://www.openwall.com/lists/oss-security/2025/08/13/6 CVE Third Party Advisory 
https://access.redhat.com/security/cve/cve-2023-44487 CVE, MITRE Vendor Advisory 
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ CVE, MITRE Press/Media Coverage  Third Party Advisory 
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ CVE, MITRE Third Party Advisory 
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ CVE, MITRE Technical Description  Vendor Advisory 
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ CVE, MITRE Third Party Advisory  Vendor Advisory 
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ CVE, MITRE Vendor Advisory 
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack CVE, MITRE Press/Media Coverage  Third Party Advisory 
https://blog.vespa.ai/cve-2023-44487/ CVE, MITRE Vendor Advisory 
https://bugzilla.proxmox.com/show_bug.cgi?id=4988 CVE, MITRE Issue Tracking  Third Party Advisory 
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 CVE, MITRE Issue Tracking  Vendor Advisory 
https://bugzilla.suse.com/show_bug.cgi?id=1216123 CVE, MITRE Issue Tracking  Vendor Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-082556.html siemens-SADP Third Party Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-341067.html siemens-SADP Third Party Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-784301.html siemens-SADP Third Party Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-832273.html siemens-SADP Third Party Advisory 
https://cert-portal.siemens.com/productcert/html/ssa-915275.html siemens-SADP Third Party Advisory 
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 CVE, MITRE Mailing List  Patch  Vendor Advisory 
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ CVE, MITRE Technical Description  Vendor Advisory 
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack CVE, MITRE Technical Description  Vendor Advisory 
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 CVE, MITRE Vendor Advisory 
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 CVE, MITRE Third Party Advisory 
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve CVE, MITRE Broken Link 
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 CVE, MITRE Vendor Advisory 
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 CVE, MITRE Issue Tracking  Patch 
https://github.com/Azure/AKS/issues/3947 CVE, MITRE Issue Tracking 
https://github.com/Kong/kong/discussions/11741 CVE, MITRE Issue Tracking 
https://github.com/advisories/GHSA-qppj-fm5r-hxr3 CVE, MITRE Vendor Advisory 
https://github.com/advisories/GHSA-vx74-f528-fxqg CVE, MITRE Mitigation  Patch  Vendor Advisory 
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p CVE, MITRE Patch  Vendor Advisory 
https://github.com/akka/akka-http/issues/4323 CVE, MITRE Issue Tracking 
https://github.com/alibaba/tengine/issues/1872 CVE, MITRE Issue Tracking 
https://github.com/apache/apisix/issues/10320 CVE, MITRE Issue Tracking 
https://github.com/apache/httpd-site/pull/10 CVE, MITRE Issue Tracking 
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 CVE, MITRE Product 
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 CVE, MITRE Product  Third Party Advisory 
https://github.com/apache/trafficserver/pull/10564 CVE, MITRE Issue Tracking  Patch 
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 CVE, MITRE Vendor Advisory 
https://github.com/bcdannyboy/CVE-2023-44487 CVE, MITRE Third Party Advisory 
https://github.com/caddyserver/caddy/issues/5877 CVE, MITRE Issue Tracking  Vendor Advisory 
https://github.com/caddyserver/caddy/releases/tag/v2.7.5 CVE, MITRE Release Notes  Third Party Advisory 
https://github.com/dotnet/announcements/issues/277 CVE, MITRE Issue Tracking  Mitigation  Vendor Advisory 
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 CVE, MITRE Product  Release Notes 
https://github.com/eclipse/jetty.project/issues/10679 CVE, MITRE Issue Tracking 
https://github.com/envoyproxy/envoy/pull/30055 CVE, MITRE Issue Tracking  Patch 
https://github.com/etcd-io/etcd/issues/16740 CVE, MITRE Issue Tracking  Patch 
https://github.com/facebook/proxygen/pull/466 CVE, MITRE Issue Tracking  Patch 
https://github.com/golang/go/issues/63417 CVE, MITRE Issue Tracking 
https://github.com/grpc/grpc-go/pull/6703 CVE, MITRE Issue Tracking  Patch 
https://github.com/grpc/grpc/releases/tag/v1.59.2 MITRE Mailing List 
https://github.com/h2o/h2o/pull/3291 CVE, MITRE Issue Tracking  Patch 
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf CVE, MITRE Vendor Advisory 
https://github.com/haproxy/haproxy/issues/2312 CVE, MITRE Issue Tracking 
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 CVE, MITRE Product 
https://github.com/junkurihara/rust-rpxy/issues/97 CVE, MITRE Issue Tracking 
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 CVE, MITRE Patch 
https://github.com/kazu-yamamoto/http2/issues/93 CVE, MITRE Issue Tracking 
https://github.com/kubernetes/kubernetes/pull/121120 CVE, MITRE Issue Tracking  Patch 
https://github.com/line/armeria/pull/5232 CVE, MITRE Issue Tracking  Patch 
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 CVE, MITRE Patch 
https://github.com/micrictor/http2-rst-stream CVE, MITRE Exploit  Third Party Advisory 
https://github.com/microsoft/CBL-Mariner/pull/6381 CVE, MITRE Issue Tracking  Patch 
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 CVE, MITRE Patch 
https://github.com/nghttp2/nghttp2/pull/1961 CVE, MITRE Issue Tracking  Patch 
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 CVE, MITRE Release Notes 
https://github.com/ninenines/cowboy/issues/1615 CVE, MITRE Issue Tracking 
https://github.com/nodejs/node/pull/50121 CVE, MITRE Issue Tracking 
https://github.com/openresty/openresty/issues/930 CVE, MITRE Issue Tracking 
https://github.com/opensearch-project/data-prepper/issues/3474 CVE, MITRE Issue Tracking  Patch 
https://github.com/oqtane/oqtane.framework/discussions/3367 CVE, MITRE Issue Tracking 
https://github.com/projectcontour/contour/pull/5826 CVE, MITRE Issue Tracking  Patch 
https://github.com/tempesta-tech/tempesta/issues/1986 CVE, MITRE Issue Tracking 
https://github.com/varnishcache/varnish-cache/issues/3996 CVE, MITRE Issue Tracking 
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo CVE, MITRE Mailing List  Release Notes  Vendor Advisory 
https://istio.io/latest/news/security/istio-security-2023-004/ CVE, MITRE Vendor Advisory 
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ CVE, MITRE Vendor Advisory 
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html CVE, MITRE Mailing List  Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html CVE, MITRE Mailing List 
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html CVE, MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ CVE Mailing List 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ CVE Mailing List  Third Party Advisory 
https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ MITRE Mailing List 
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ MITRE Mailing List 
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html CVE, MITRE Mailing List  Third Party Advisory 
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html CVE, MITRE Mailing List  Patch  Third Party Advisory 
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html CVE, MITRE Third Party Advisory 
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ CVE, MITRE Patch  Vendor Advisory 
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 CVE, MITRE Mitigation  Patch  Vendor Advisory 
https://my.f5.com/manage/s/article/K000137106 CVE, MITRE Vendor Advisory 
https://netty.io/news/2023/10/10/4-1-100-Final.html CVE, MITRE Release Notes  Vendor Advisory 
https://news.ycombinator.com/item?id=37830987 CVE, MITRE Issue Tracking 
https://news.ycombinator.com/item?id=37830998 CVE, MITRE Issue Tracking  Press/Media Coverage 
https://news.ycombinator.com/item?id=37831062 CVE, MITRE Issue Tracking 
https://news.ycombinator.com/item?id=37837043 CVE, MITRE Issue Tracking 
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ CVE, MITRE Third Party Advisory 
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected CVE, MITRE Third Party Advisory 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ MITRE Vendor Advisory 
https://security.gentoo.org/glsa/202311-09 CVE, MITRE Third Party Advisory 
https://security.netapp.com/advisory/ntap-20231016-0001/ CVE, MITRE Third Party Advisory 
https://security.netapp.com/advisory/ntap-20240426-0007/ CVE, MITRE Third Party Advisory 
https://security.netapp.com/advisory/ntap-20240621-0006/ CVE, MITRE Exploit  Third Party Advisory 
https://security.netapp.com/advisory/ntap-20240621-0007/ CVE, MITRE Third Party Advisory 
https://security.paloaltonetworks.com/CVE-2023-44487 CVE, MITRE Vendor Advisory 
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 CVE, MITRE Release Notes 
https://ubuntu.com/security/CVE-2023-44487 CVE, MITRE Vendor Advisory 
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ CVE, MITRE Third Party Advisory 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487 CISA-ADP US Government Resource 
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 CVE, MITRE Third Party Advisory  US Government Resource 
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event CVE, MITRE Press/Media Coverage  Third Party Advisory 
https://www.debian.org/security/2023/dsa-5521 CVE, MITRE Mailing List  Vendor Advisory 
https://www.debian.org/security/2023/dsa-5522 CVE, MITRE Mailing List  Vendor Advisory 
https://www.debian.org/security/2023/dsa-5540 CVE, MITRE Mailing List  Third Party Advisory 
https://www.debian.org/security/2023/dsa-5549 CVE, MITRE Mailing List  Third Party Advisory 
https://www.debian.org/security/2023/dsa-5558 CVE, MITRE Mailing List  Third Party Advisory 
https://www.debian.org/security/2023/dsa-5570 CVE, MITRE Third Party Advisory 
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 CVE, MITRE Third Party Advisory  Vendor Advisory 
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ CVE, MITRE Vendor Advisory 
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ CVE, MITRE Mitigation  Vendor Advisory 
https://www.openwall.com/lists/oss-security/2023/10/10/6 CVE, MITRE Mailing List  Third Party Advisory 
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack CVE, MITRE Press/Media Coverage 
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ CVE, MITRE Press/Media Coverage  Third Party Advisory 
https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause CVE Third Party Advisory 

This CVE is in CISA's Known Exploited Vulnerabilities Catalog

Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Vulnerability Name Date Added Due Date Required Action
HTTP/2 Rapid Reset Attack Vulnerability 10/10/2023 10/31/2023 Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-noinfo Insufficient Information cwe source acceptance level NIST  
CWE-400 Uncontrolled Resource Consumption CISA-ADP  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

80 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2023-44487
NVD Published Date:
10/10/2023
NVD Last Modified:
05/12/2026
Source:
MITRE