HTTP/2 Protocol Vulnerability Allows for Rapid Stream Cancellation and Denial of Service Attacks
CVE-2023-44487

7.5 HIGH

Key Information:

Vendor
Ietf
Status
Http
Vendor
CVE Published:
10 October 2023

Badges

💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 80% | 🦅 CISA Reported | 📰 News Worthy

Summary

The HTTP/2 protocol is susceptible to a denial of service vulnerability that can be exploited via rapid stream resets. This allows attackers to overwhelm servers by rapidly canceling requests, leading to significant resource consumption and potential service disruption. Exploitation of this vulnerability has been observed in real-world scenarios between August and October 2023, prompting urgent response measures across multiple platforms and server technologies. Organizations utilizing affected products must evaluate their configurations to implement mitigations and safeguard against potential attacks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487) - Help Net Security

HTTP/2 Rapid Reset (CVE-2023-44487), a zero-day vulnerability, has been used to mount massive, high-volume DDoS attacks.

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • 📰 First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved
