CVE-2023-44487
📋 TL;DR
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, including web servers, load balancers, and reverse proxies. The vulnerability was actively exploited in the wild from August to October 2023.
💻 Affected Systems
- nginx
- Apache HTTP Server
- HAProxy
- Envoy
- Traefik
- Microsoft IIS
- Go HTTP/2 implementation
- Node.js HTTP/2 module
- Java HTTP/2 implementations
- Cloudflare
- AWS ALB
- Google Cloud Load Balancer
📦 What is this software?
.net by Microsoft
.net by Microsoft
Advanced Cluster Management For Kubernetes by Redhat
View all CVEs affecting Advanced Cluster Management For Kubernetes →
Apisix by Apache
Armeria by Linecorp
Asp.net Core by Microsoft
Asp.net Core by Microsoft
Big Ip Advanced Web Application Firewall by F5
View all CVEs affecting Big Ip Advanced Web Application Firewall →
Big Ip Advanced Web Application Firewall by F5
View all CVEs affecting Big Ip Advanced Web Application Firewall →
Big Ip Advanced Web Application Firewall by F5
View all CVEs affecting Big Ip Advanced Web Application Firewall →
Big Ip Advanced Web Application Firewall by F5
View all CVEs affecting Big Ip Advanced Web Application Firewall →
Big Ip Advanced Web Application Firewall by F5
View all CVEs affecting Big Ip Advanced Web Application Firewall →
Big Ip Application Acceleration Manager by F5
View all CVEs affecting Big Ip Application Acceleration Manager →
Big Ip Application Acceleration Manager by F5
View all CVEs affecting Big Ip Application Acceleration Manager →
Big Ip Application Acceleration Manager by F5
View all CVEs affecting Big Ip Application Acceleration Manager →
Big Ip Application Acceleration Manager by F5
View all CVEs affecting Big Ip Application Acceleration Manager →
Big Ip Application Acceleration Manager by F5
View all CVEs affecting Big Ip Application Acceleration Manager →
Big Ip Application Security Manager by F5
View all CVEs affecting Big Ip Application Security Manager →
Big Ip Application Security Manager by F5
View all CVEs affecting Big Ip Application Security Manager →
Big Ip Application Security Manager by F5
View all CVEs affecting Big Ip Application Security Manager →
Big Ip Application Security Manager by F5
View all CVEs affecting Big Ip Application Security Manager →
Big Ip Application Security Manager by F5
View all CVEs affecting Big Ip Application Security Manager →
Big Ip Application Visibility And Reporting by F5
View all CVEs affecting Big Ip Application Visibility And Reporting →
Big Ip Application Visibility And Reporting by F5
View all CVEs affecting Big Ip Application Visibility And Reporting →
Big Ip Application Visibility And Reporting by F5
View all CVEs affecting Big Ip Application Visibility And Reporting →
Big Ip Application Visibility And Reporting by F5
View all CVEs affecting Big Ip Application Visibility And Reporting →
Big Ip Application Visibility And Reporting by F5
View all CVEs affecting Big Ip Application Visibility And Reporting →
Big Ip Next Service Proxy For Kubernetes by F5
View all CVEs affecting Big Ip Next Service Proxy For Kubernetes →
Caddy by Caddyserver
Cbl Mariner by Microsoft
Cert Manager Operator For Red Hat Openshift by Redhat
View all CVEs affecting Cert Manager Operator For Red Hat Openshift →
Certification For Red Hat Enterprise Linux by Redhat
View all CVEs affecting Certification For Red Hat Enterprise Linux →
Certification For Red Hat Enterprise Linux by Redhat
View all CVEs affecting Certification For Red Hat Enterprise Linux →
Contour by Projectcontour
Crosswork Zero Touch Provisioning by Cisco
Cryostat by Redhat
Envoy by Envoyproxy
Envoy by Envoyproxy
Envoy by Envoyproxy
Envoy by Envoyproxy
Fedora by Fedoraproject
Fedora by Fedoraproject
Fence Agents Remediation Operator by Redhat
Go by Golang
Go by Golang
Grpc by Grpc
Grpc by Grpc
Grpc by Grpc
Grpc by Grpc
H2o by Dena
Http by Ietf
Http2 by Golang
Http2 by Kazu Yamamoto
Integration Camel For Spring Boot by Redhat
Ios Xe by Cisco
Cisco IOS XE is Cisco's modern network operating system running on enterprise routers, switches, and wireless controllers deployed across corporate networks, data centers, branch offices, and service provider infrastructure worldwide. As the evolution of Cisco IOS, IOS XE provides a Linux-based modu...
Learn more about Ios Xe →Ios Xr by Cisco
Istio by Istio
Istio by Istio
Istio by Istio
Jboss Enterprise Application Platform by Redhat
View all CVEs affecting Jboss Enterprise Application Platform →
Jboss Enterprise Application Platform by Redhat
View all CVEs affecting Jboss Enterprise Application Platform →
Jenkins by Jenkins
Jenkins by Jenkins
Jetty by Eclipse
Jetty by Eclipse
Jetty by Eclipse
Jetty by Eclipse
Linkerd by Linkerd
Linkerd by Linkerd
Linkerd by Linkerd
Linkerd by Linkerd
Linkerd by Linkerd
Logging Subsystem For Red Hat Openshift by Redhat
View all CVEs affecting Logging Subsystem For Red Hat Openshift →
Machine Deletion Remediation Operator by Redhat
View all CVEs affecting Machine Deletion Remediation Operator →
Migration Toolkit For Applications by Redhat
View all CVEs affecting Migration Toolkit For Applications →
Migration Toolkit For Containers by Redhat
Migration Toolkit For Virtualization by Redhat
View all CVEs affecting Migration Toolkit For Virtualization →
Netty by Netty
Nghttp2 by Nghttp2
Node.js by Nodejs
Node.js by Nodejs
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Openresty by Openresty
Openshift by Redhat
Openshift Api For Data Protection by Redhat
Openshift Container Platform Assisted Installer by Redhat
View all CVEs affecting Openshift Container Platform Assisted Installer →
Openshift Developer Tools And Services by Redhat
View all CVEs affecting Openshift Developer Tools And Services →
Openshift Secondary Scheduler Operator by Redhat
View all CVEs affecting Openshift Secondary Scheduler Operator →
Proxygen by Facebook
Quay by Redhat
Run Once Duration Override Operator by Redhat
View all CVEs affecting Run Once Duration Override Operator →
Satellite by Redhat
Secure Dynamic Attributes Connector by Cisco
View all CVEs affecting Secure Dynamic Attributes Connector →
Solr by Apache
Telepresence Video Communication Server by Cisco
View all CVEs affecting Telepresence Video Communication Server →
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Tomcat by Apache
Traefik by Traefik
Traefik by Traefik
Traefik by Traefik
Traefik by Traefik
Ultra Cloud Core Policy Control Function by Cisco
View all CVEs affecting Ultra Cloud Core Policy Control Function →
Ultra Cloud Core Policy Control Function by Cisco
View all CVEs affecting Ultra Cloud Core Policy Control Function →
Ultra Cloud Core Serving Gateway Function by Cisco
View all CVEs affecting Ultra Cloud Core Serving Gateway Function →
Ultra Cloud Core Session Management Function by Cisco
View all CVEs affecting Ultra Cloud Core Session Management Function →
Unified Attendant Console Advanced by Cisco
View all CVEs affecting Unified Attendant Console Advanced →
Unified Contact Center Domain Manager by Cisco
View all CVEs affecting Unified Contact Center Domain Manager →
Unified Contact Center Enterprise by Cisco
Unified Contact Center Enterprise Live Data Server by Cisco
View all CVEs affecting Unified Contact Center Enterprise Live Data Server →
Unified Contact Center Management Portal by Cisco
View all CVEs affecting Unified Contact Center Management Portal →
Varnish Cache by Varnish Cache Project
Windows 10 1607 by Microsoft
Windows 10 1607 by Microsoft
Windows 10 1809 by Microsoft
Windows 10 21h2 by Microsoft
Windows 10 22h2 by Microsoft
Windows 11 21h2 by Microsoft
Windows 11 22h2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to resource exhaustion, affecting all HTTP/2 services on the target system
Likely Case
Degraded performance, intermittent service disruptions, and increased resource utilization
If Mitigated
Minimal impact with proper rate limiting, monitoring, and updated software
🎯 Exploit Status
Active exploitation observed in the wild. Attack tools are publicly available. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by vendor - check specific vendor advisories for patched versions
Vendor Advisory: Multiple - see references in CVE description for specific vendor links
Restart Required: Yes
Instructions:
1. Identify all HTTP/2 implementations in your environment. 2. Check vendor advisories for patched versions. 3. Apply patches according to vendor instructions. 4. Restart affected services. 5. Verify patches are applied correctly.
🔧 Temporary Workarounds
Disable HTTP/2
allTemporarily disable HTTP/2 protocol support to mitigate the vulnerability
nginx: set 'listen 443 ssl http2;' to 'listen 443 ssl;' in config
Apache: set 'Protocols h2 http/1.1' to 'Protocols http/1.1' in config
Rate limit RST_STREAM frames
linuxImplement rate limiting for HTTP/2 RST_STREAM frames
nginx: limit_req_zone $binary_remote_addr zone=rst_limit:10m rate=10r/s;
Add 'limit_req zone=rst_limit burst=20 nodelay;' to location blocks
🧯 If You Can't Patch
- Implement network-level rate limiting for HTTP/2 traffic
- Use WAF or load balancer with HTTP/2 DoS protection capabilities
🔍 How to Verify
Check if Vulnerable:
Check if HTTP/2 is enabled and version is unpatched. Use: curl -I --http2 https://target.com | grep HTTP/Check Version:
nginx -v, httpd -v, haproxy -v, or check service-specific version commandsVerify Fix Applied:
Verify HTTP/2 service is running patched version. Check service version and test with known exploit tools.📡 Detection & Monitoring
Log Indicators:
- High volume of RST_STREAM frames in HTTP/2 logs
- Unusual increase in connection resets
- Resource exhaustion alerts (CPU, memory)
Network Indicators:
- Abnormal spike in HTTP/2 RST_STREAM packets
- High rate of TCP connection resets on port 443
- Unusual patterns of HTTP/2 stream cancellations
SIEM Query:
source="web_server_logs" | search "RST_STREAM" | stats count by src_ip | where count > 100🔗 References
- http://www.openwall.com/lists/oss-security/2023/10/10/6
- http://www.openwall.com/lists/oss-security/2023/10/10/7
- http://www.openwall.com/lists/oss-security/2023/10/13/4
- http://www.openwall.com/lists/oss-security/2023/10/13/9
- http://www.openwall.com/lists/oss-security/2023/10/18/4
- http://www.openwall.com/lists/oss-security/2023/10/18/8
- http://www.openwall.com/lists/oss-security/2023/10/19/6
- http://www.openwall.com/lists/oss-security/2023/10/20/8
- https://access.redhat.com/security/cve/cve-2023-44487
- https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
- https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
- https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
- https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
- https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
- https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
- https://blog.vespa.ai/cve-2023-44487/
- https://bugzilla.proxmox.com/show_bug.cgi?id=4988
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803
- https://bugzilla.suse.com/show_bug.cgi?id=1216123
- https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
- https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
- https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
- https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
- https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
- https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
- https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
- https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
- https://github.com/Azure/AKS/issues/3947
- https://github.com/Kong/kong/discussions/11741
- https://github.com/advisories/GHSA-qppj-fm5r-hxr3
- https://github.com/advisories/GHSA-vx74-f528-fxqg
- https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
- https://github.com/akka/akka-http/issues/4323
- https://github.com/alibaba/tengine/issues/1872
- https://github.com/apache/apisix/issues/10320
- https://github.com/apache/httpd-site/pull/10
- https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
- https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
- https://github.com/apache/trafficserver/pull/10564
- https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
- https://github.com/bcdannyboy/CVE-2023-44487
- https://github.com/caddyserver/caddy/issues/5877
- https://github.com/caddyserver/caddy/releases/tag/v2.7.5
- https://github.com/dotnet/announcements/issues/277
- https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
- https://github.com/eclipse/jetty.project/issues/10679
- https://github.com/envoyproxy/envoy/pull/30055
- https://github.com/etcd-io/etcd/issues/16740
- https://github.com/facebook/proxygen/pull/466
- https://github.com/golang/go/issues/63417
- https://github.com/grpc/grpc-go/pull/6703
- https://github.com/grpc/grpc/releases/tag/v1.59.2
- https://github.com/h2o/h2o/pull/3291
- https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
- https://github.com/haproxy/haproxy/issues/2312
- https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
- https://github.com/junkurihara/rust-rpxy/issues/97
- https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
- https://github.com/kazu-yamamoto/http2/issues/93
- https://github.com/kubernetes/kubernetes/pull/121120
- https://github.com/line/armeria/pull/5232
- https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
- https://github.com/micrictor/http2-rst-stream
- https://github.com/microsoft/CBL-Mariner/pull/6381
- https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
- https://github.com/nghttp2/nghttp2/pull/1961
- https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
- https://github.com/ninenines/cowboy/issues/1615
- https://github.com/nodejs/node/pull/50121
- https://github.com/openresty/openresty/issues/930
- https://github.com/opensearch-project/data-prepper/issues/3474
- https://github.com/oqtane/oqtane.framework/discussions/3367
- https://github.com/projectcontour/contour/pull/5826
- https://github.com/tempesta-tech/tempesta/issues/1986
- https://github.com/varnishcache/varnish-cache/issues/3996
- https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
- https://istio.io/latest/news/security/istio-security-2023-004/
- https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
- https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
- https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
- https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
- https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
- https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
- https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
- https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
- https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
- https://my.f5.com/manage/s/article/K000137106
- https://netty.io/news/2023/10/10/4-1-100-Final.html
- https://news.ycombinator.com/item?id=37830987
- https://news.ycombinator.com/item?id=37830998
- https://news.ycombinator.com/item?id=37831062
- https://news.ycombinator.com/item?id=37837043
- https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
- https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
- https://security.gentoo.org/glsa/202311-09
- https://security.netapp.com/advisory/ntap-20231016-0001/
- https://security.netapp.com/advisory/ntap-20240426-0007/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0007/
- https://security.paloaltonetworks.com/CVE-2023-44487
- https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
- https://ubuntu.com/security/CVE-2023-44487
- https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
- https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
- https://www.debian.org/security/2023/dsa-5521
- https://www.debian.org/security/2023/dsa-5522
- https://www.debian.org/security/2023/dsa-5540
- https://www.debian.org/security/2023/dsa-5549
- https://www.debian.org/security/2023/dsa-5558
- https://www.debian.org/security/2023/dsa-5570
- https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
- https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
- https://www.openwall.com/lists/oss-security/2023/10/10/6
- https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
- https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
- http://www.openwall.com/lists/oss-security/2023/10/13/4
- http://www.openwall.com/lists/oss-security/2023/10/13/9
- http://www.openwall.com/lists/oss-security/2023/10/18/4
- http://www.openwall.com/lists/oss-security/2023/10/18/8
- http://www.openwall.com/lists/oss-security/2023/10/19/6
- http://www.openwall.com/lists/oss-security/2023/10/20/8
- http://www.openwall.com/lists/oss-security/2025/08/13/6
- https://access.redhat.com/security/cve/cve-2023-44487
- https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
- https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
- https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
- https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
- https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
- https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
- https://blog.vespa.ai/cve-2023-44487/
- https://bugzilla.proxmox.com/show_bug.cgi?id=4988
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803
- https://bugzilla.suse.com/show_bug.cgi?id=1216123
- https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
- https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
- https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
- https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
- https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
- https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
- https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
- https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
- https://github.com/Azure/AKS/issues/3947
- https://github.com/Kong/kong/discussions/11741
- https://github.com/advisories/GHSA-qppj-fm5r-hxr3
- https://github.com/advisories/GHSA-vx74-f528-fxqg
- https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
- https://github.com/akka/akka-http/issues/4323
- https://github.com/alibaba/tengine/issues/1872
- https://github.com/apache/apisix/issues/10320
- https://github.com/apache/httpd-site/pull/10
- https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
- https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
- https://github.com/apache/trafficserver/pull/10564
- https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
- https://github.com/bcdannyboy/CVE-2023-44487
- https://github.com/caddyserver/caddy/issues/5877
- https://github.com/caddyserver/caddy/releases/tag/v2.7.5
- https://github.com/dotnet/announcements/issues/277
- https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
- https://github.com/eclipse/jetty.project/issues/10679
- https://github.com/envoyproxy/envoy/pull/30055
- https://github.com/etcd-io/etcd/issues/16740
- https://github.com/facebook/proxygen/pull/466
- https://github.com/golang/go/issues/63417
- https://github.com/grpc/grpc-go/pull/6703
- https://github.com/h2o/h2o/pull/3291
- https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
- https://github.com/haproxy/haproxy/issues/2312
- https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
- https://github.com/junkurihara/rust-rpxy/issues/97
- https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
- https://github.com/kazu-yamamoto/http2/issues/93
- https://github.com/kubernetes/kubernetes/pull/121120
- https://github.com/line/armeria/pull/5232
- https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
- https://github.com/micrictor/http2-rst-stream
- https://github.com/microsoft/CBL-Mariner/pull/6381
- https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
- https://github.com/nghttp2/nghttp2/pull/1961
- https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
- https://github.com/ninenines/cowboy/issues/1615
- https://github.com/nodejs/node/pull/50121
- https://github.com/openresty/openresty/issues/930
- https://github.com/opensearch-project/data-prepper/issues/3474
- https://github.com/oqtane/oqtane.framework/discussions/3367
- https://github.com/projectcontour/contour/pull/5826
- https://github.com/tempesta-tech/tempesta/issues/1986
- https://github.com/varnishcache/varnish-cache/issues/3996
- https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
- https://istio.io/latest/news/security/istio-security-2023-004/
- https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
- https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
- https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
- https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
- https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
- https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
- https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
- https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
- https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
- https://my.f5.com/manage/s/article/K000137106
- https://netty.io/news/2023/10/10/4-1-100-Final.html
- https://news.ycombinator.com/item?id=37830987
- https://news.ycombinator.com/item?id=37830998
- https://news.ycombinator.com/item?id=37831062
- https://news.ycombinator.com/item?id=37837043
- https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
- https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
- https://security.gentoo.org/glsa/202311-09
- https://security.netapp.com/advisory/ntap-20231016-0001/
- https://security.netapp.com/advisory/ntap-20240426-0007/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.netapp.com/advisory/ntap-20240621-0007/
- https://security.paloaltonetworks.com/CVE-2023-44487
- https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
- https://ubuntu.com/security/CVE-2023-44487
- https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
- https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
- https://www.debian.org/security/2023/dsa-5521
- https://www.debian.org/security/2023/dsa-5522
- https://www.debian.org/security/2023/dsa-5540
- https://www.debian.org/security/2023/dsa-5549
- https://www.debian.org/security/2023/dsa-5558
- https://www.debian.org/security/2023/dsa-5570
- https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
- https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
- https://www.openwall.com/lists/oss-security/2023/10/10/6
- https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
- https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
- https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487
