CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Oct 31, 2023
High
CISA KEVCVE-2023-44487
IETF—HTTP/2
HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
Required Action
This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Oct 10, 2023
- KEV Added
- Oct 10, 2023
- Due Date
- Oct 31, 2023
- Related Articles
- 0
Vendor
IETF
HTTP/2