CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Oct 31, 2023
Description
HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
EPSS — Exploit Probability
Higher than 100.0% of all CVEs
Required Action
This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Risk Assessment
HIGHDetails
- Severity
- High
- EPSS
- 94.4%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
Oct 10, 2023
Added to KEV
Oct 10, 2023
Remediation Due
Oct 31, 2023