The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/44xxx/CVE-2023-44487.json",
"cna_assigner": "mitre"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "10.5.3"
}
],
"cpe": "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.0"
},
{
"fixed": "2.2.0"
},
{
"introduced": "2.0"
},
{
"last_affected": "2.0"
},
{
"introduced": "3.0.0"
},
{
"last_affected": "3.0.0"
},
{
"introduced": "1.5"
},
{
"last_affected": "1.5"
}
],
"cpe": [
"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*",
"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.0"
},
{
"introduced": "1.0-NA"
},
{
"last_affected": "1.0-NA"
},
{
"introduced": "1.0"
},
{
"last_affected": "1.0"
}
],
"cpe": [
"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}{
"extracted_events": [
{
"introduced": "8.5.0"
},
{
"last_affected": "8.5.93"
},
{
"introduced": "9.0.0"
},
{
"last_affected": "9.0.80"
},
{
"introduced": "10.1.0"
},
{
"last_affected": "10.1.13"
},
{
"introduced": "11.0.0-milestone1"
},
{
"last_affected": "11.0.0-milestone1"
},
{
"introduced": "11.0.0-milestone10"
},
{
"last_affected": "11.0.0-milestone10"
},
{
"introduced": "11.0.0-milestone11"
},
{
"last_affected": "11.0.0-milestone11"
},
{
"introduced": "11.0.0-milestone2"
},
{
"last_affected": "11.0.0-milestone2"
},
{
"introduced": "11.0.0-milestone3"
},
{
"last_affected": "11.0.0-milestone3"
},
{
"introduced": "11.0.0-milestone4"
},
{
"last_affected": "11.0.0-milestone4"
},
{
"introduced": "11.0.0-milestone5"
},
{
"last_affected": "11.0.0-milestone5"
},
{
"introduced": "11.0.0-milestone6"
},
{
"last_affected": "11.0.0-milestone6"
},
{
"introduced": "11.0.0-milestone7"
},
{
"last_affected": "11.0.0-milestone7"
},
{
"introduced": "11.0.0-milestone8"
},
{
"last_affected": "11.0.0-milestone8"
},
{
"introduced": "11.0.0-milestone9"
},
{
"last_affected": "11.0.0-milestone9"
}
],
"cpe": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.28.0"
}
],
"cpe": "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2023-10-08"
}
],
"cpe": "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5"
}
],
"cpe": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
]
}{
"extracted_events": [
{
"introduced": "1.24.10"
},
{
"last_affected": "1.24.10"
},
{
"introduced": "1.25.9"
},
{
"last_affected": "1.25.9"
},
{
"introduced": "1.26.4"
},
{
"last_affected": "1.26.4"
},
{
"introduced": "1.27.0"
},
{
"last_affected": "1.27.0"
}
],
"cpe": [
"cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*",
"cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*",
"cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*",
"cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2023.10.16.00"
}
],
"cpe": "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.20.10"
},
{
"introduced": "1.21.0"
},
{
"fixed": "1.21.3"
}
],
"cpe": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.56.3"
},
{
"last_affected": "1.59.2"
},
{
"introduced": "1.58.0"
},
{
"fixed": "1.58.3"
},
{
"introduced": "1.57.0-NA"
},
{
"last_affected": "1.57.0-NA"
}
],
"cpe": [
"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*",
"cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.56.3"
},
{
"introduced": "1.58.0"
},
{
"fixed": "1.58.3"
},
{
"introduced": "1.57.0-NA"
},
{
"last_affected": "1.57.0-NA"
}
],
"cpe": [
"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
"cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.1"
},
{
"introduced": "1.5.0"
},
{
"last_affected": "1.8.2"
},
{
"introduced": "1.0-sp1"
},
{
"last_affected": "1.0-sp1"
},
{
"introduced": "1.0-sp2"
},
{
"last_affected": "1.0-sp2"
}
],
"cpe": [
"cpe:2.3:a:siemens:st7_scadaconnect:*:*:*:*:*:*:*:*",
"cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.17.6"
},
{
"introduced": "1.18.0"
},
{
"fixed": "1.18.3"
},
{
"introduced": "1.19.0"
},
{
"fixed": "1.19.1"
}
],
"cpe": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.414.2"
},
{
"last_affected": "2.427"
}
],
"cpe": [
"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*"
],
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "9.4.53"
},
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.17"
},
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.17"
},
{
"introduced": "12.0.0"
},
{
"fixed": "12.0.2"
}
],
"cpe": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.2.2"
}
],
"cpe": "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.4.2"
}
],
"cpe": "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.17.0"
},
{
"fixed": "1.22"
}
],
"cpe": [
"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*",
"cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "2.12.0"
},
{
"last_affected": "2.12.5"
},
{
"introduced": "2.13.0"
},
{
"last_affected": "2.13.0"
},
{
"introduced": "2.13.1"
},
{
"last_affected": "2.13.1"
},
{
"introduced": "2.14.0"
},
{
"last_affected": "2.14.0"
},
{
"introduced": "2.14.1"
},
{
"last_affected": "2.14.1"
}
],
"cpe": [
"cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*",
"cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*",
"cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*",
"cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*",
"cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.1.100"
}
],
"cpe": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.57.0"
}
],
"cpe": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
]
}{
"extracted_events": [
{
"introduced": "2.0.0"
},
{
"last_affected": "2.4.2"
},
{
"introduced": "3.0.0"
},
{
"last_affected": "3.3.0"
}
],
"cpe": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.21.4.3"
}
],
"cpe": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.5.0"
}
],
"cpe": "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}{
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"cpe": [
"cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.10.5"
},
{
"introduced": "3.0.0-beta1"
},
{
"last_affected": "3.0.0-beta1"
},
{
"introduced": "3.0.0-beta2"
},
{
"last_affected": "3.0.0-beta2"
},
{
"introduced": "3.0.0-beta3"
},
{
"last_affected": "3.0.0-beta3"
}
],
"cpe": [
"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
"cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*",
"cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*",
"cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}