CVE-2023-44487
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-44487
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache HTTP/2 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HTTP/2是超文本传输协议的第二版,主要用于保证客户机与服务器之间的通信。 Apache HTTP/2存在安全漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:.NET 6.0,ASP.NET Core 6.0,.NET 7.0,Microsoft Visual Studio 2022 version 17.2,Microsoft Visual Studio 2022 version 17.4,Microsoft Visual Studio 2022 version 17.6,Micros
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2023-44487
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487 | https://github.com/bcdannyboy/CVE-2023-44487 | POC Details |
| 2 | Proof of concept for DoS exploit | https://github.com/imabee101/CVE-2023-44487 | POC Details |
| 3 | Test Script for CVE-2023-44487 | https://github.com/ByteHackr/CVE-2023-44487 | POC Details |
| 4 | CVE-2023-44487 | https://github.com/pabloec20/rapidreset | POC Details |
| 5 | Tool for testing mitigations and exposure to Rapid Reset DDoS (CVE-2023-44487) | https://github.com/secengjeff/rapidresetclient | POC Details |
| 6 | A python based exploit to test out rapid reset attack (CVE-2023-44487) | https://github.com/studiogangster/CVE-2023-44487 | POC Details |
| 7 | None | https://github.com/ReToCode/golang-CVE-2023-44487 | POC Details |
| 8 | HTTP/2 RAPID RESET | https://github.com/sigridou/CVE-2023-44487 | POC Details |
| 9 | Highly configurable tool to check a server's vulnerability against CVE-2023-44487 by rapidly sending HEADERS and RST_STREAM frames and documenting the server's responses. | https://github.com/ndrscodes/http2-rst-stream-attacker | POC Details |
| 10 | Examples for Implementing cve-2023-44487 ( HTTP/2 Rapid Reset Attack ) Concept | https://github.com/nxenon/cve-2023-44487 | POC Details |
| 11 | A tool to check how well a system can handle Rapid Reset DDoS attacks (CVE-2023-44487). | https://github.com/terrorist/HTTP-2-Rapid-Reset-Client | POC Details |
| 12 | None | https://github.com/sigridou/CVE-2023-44487- | POC Details |
| 13 | None | https://github.com/TYuan0816/cve-2023-44487 | POC Details |
| 14 | None | https://github.com/sn130hk/CVE-2023-44487 | POC Details |
| 15 | None | https://github.com/threatlabindonesia/CVE-2023-44487-HTTP-2-Rapid-Reset-Exploit-PoC | POC Details |
| 16 | RapidResetClient | https://github.com/aulauniversal/CVE-2023-44487 | POC Details |
| 17 | POC for CVE-2023-44487 | https://github.com/BMG-Black-Magic/CVE-2023-44487 | POC Details |
| 18 | Tool for testing mitigations and exposure to Rapid Reset DDoS (CVE-2023-44487) | https://github.com/internalwhel/rapidresetclient | POC Details |
| 19 | HTTP/2 Rapid Reset Exploit PoC | https://github.com/moften/CVE-2023-44487 | POC Details |
| 20 | Demo for detection and mitigation of HTTP/2 Rapid Reset vulnerability (CVE-2023-44487) | https://github.com/zanks08/cve-2023-44487-demo | POC Details |
| 21 | HTTP/2 Rapid Reset Exploit PoC | https://github.com/moften/CVE-2023-44487-HTTP-2-Rapid-Reset-Attack | POC Details |
| 22 | A comprehensive Python testing tool for CVE-2023-44487, the HTTP/2 Rapid Reset vulnerability. This enhanced version provides granular control over testing parameters, multiple attack patterns, and advanced monitoring capabilities. | https://github.com/madhusudhan-in/CVE_2023_44487-Rapid_Reset | POC Details |
| 23 | Proof of concept for DoS exploit | https://github.com/Appsynergy-io/CVE-2023-44487 | POC Details |
| 24 | poc for the rst dos attack discovered in 2023 | https://github.com/tpirate/cve-2023-44487-POC | POC Details |
| 25 | PoC for HTTP/2 Rapid Reset DDoS Vulnerability - CVE-2023-44487 | https://github.com/ReGeLePuMa/HTTP-2-Rapid-Reset-DDos | POC Details |
| 26 | Replicable Blueprint for advanced DDoS Purple Teaming, engineered for the threat landscape. It integrates a Red Elite Teaming offensive suite—featuring multi-vector rotations, HTTP/2 Rapid Reset (CVE-2023-44487) exploitation, and mTLS 1.3-encrypted C2 orchestration—with a high-integrity 7-Tier Blue Elite Teaming defense-in-depth architecture. | https://github.com/sastraadiwiguna-purpleeliteteaming/DDoS-Purple-Teaming-Offensive-Multi-Vector-7-Tier-Defensive-Holistic-Blueprint- | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-44487
请登录查看更多情报信息。
- https://www.debian.org/security/2023/dsa-5540vendor-advisory
- https://www.debian.org/security/2023/dsa-5570vendor-advisory
- https://www.debian.org/security/2023/dsa-5549vendor-advisory
- https://www.debian.org/security/2023/dsa-5522vendor-advisory
- https://www.debian.org/security/2023/dsa-5521vendor-advisory
- https://security.gentoo.org/glsa/202311-09vendor-advisory
- Oh noes!vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Same Patch Batch · n/a · 2023-10-10 · 23 CVEs total
| CVE-2020-27635 | Multiple Embedded TCP/IP 安全特征问题漏洞 | |
| CVE-2023-36126 | PHPJabbers Appointment Scheduler 跨站脚本漏洞 | |
| CVE-2023-36127 | PHPJabbers Appointment Scheduler 安全漏洞 | |
| CVE-2023-45312 | Ericsson Erlang 安全漏洞 | |
| CVE-2023-31096 | Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver 缓冲区错误漏洞 | |
| CVE-2023-43896 | Macrium Reflect 安全漏洞 | |
| CVE-2020-27213 | Multiple Embedded TCP/IP 安全特征问题漏洞 | |
| CVE-2020-27630 | Multiple Embedded TCP/IP 安全特征问题漏洞 | |
| CVE-2020-27631 | Oryx Embedded CycloneTCP ISN 安全特征问题漏洞 | |
| CVE-2020-27633 | FNET software 安全特征问题漏洞 | |
| CVE-2020-27634 | Contiki 安全特征问题漏洞 | |
| CVE-2023-44959 | D-Link DSL-3782 命令注入漏洞 | |
| CVE-2020-27636 | Microchip MPLAB Net 安全特征问题漏洞 | |
| CVE-2023-44763 | PortlandLabs Concrete CMS 代码问题漏洞 | |
| CVE-2023-45208 | D-Link DAP-X1860 命令注入漏洞 | |
| CVE-2023-44846 | SeaCMS 安全漏洞 | |
| CVE-2023-44847 | SeaCMS 安全漏洞 | |
| CVE-2023-44848 | SeaCMS 安全漏洞 | |
| CVE-2020-18336 | Typora 跨站脚本漏洞 | |
| CVE-2023-42189 | Matter 安全漏洞 |
Showing top 20 of 23 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2023-44487
No comments yet