CVE-2023-44487

Scores

EPSS

0.945High94.5%
0%20%40%60%80%100%

Percentile: 94.5%

CVSS

7.5High3.x
0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x
7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

anchore_overridesastradebianmsrcnvdredhatubuntu

CWEs

CWE-400

Exploits

Exploit ID: CVE-2023-44487

Source: github-poc

URL: https://github.com/moften/CVE-2023-44487

Vulnerable Software (604)

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:com.typesafe.akka:akka-http-core:*:*:*:*:*:maven:*:*",
          "versionEndExcluding": "10.5.3"
        }
     ...

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "1.24.12"
        },
        {
          "cp...

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "6.0.12"
        },
     ...

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:com.typesafe.akka:akka-http-core_2.11:*:*:*:*:*:maven:*:*",
          "versionEndIncluding": "10.1.15"
        }...

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "1.20.10"
        },
        {
          "cpe23uri"...

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:go:*:*",
          "versionEndExcluding": "2.7.5"
        }
      ],
      "negate":...

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "6.0.23",
          "versionStartInclu...

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
          "versionEndExcluding": "6.0.23",
          "versionStartIncluding": "...

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
          "versionEndExcluding": "1.56.3"
        },
        {
          "cpe23uri"...

Source: anchore_overrides

Type: Configuration

Operating System:

Trait:
{
  "children": [
    {
      "cpe_match": [
        {
          "cpe23uri": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:go:*:*",
          "versionEndExcluding": "2.7.5"
        }
      ],
      "negate":...

Source: anchore_overrides