CVE-2023-44487
Summary
| CVE | CVE-2023-44487 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-10 14:15:10 UTC |
| Updated | 2026-05-12 15:10:32 UTC |
| Description | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.944450000 probability, percentile 0.999910000 (date 2026-05-11)
CISA KEV: Listed on 2023-10-10; due 2023-10-31; ransomware use Unknown
Problem Types: NVD-CWE-noinfo | CWE-400 | n/a | CWE-400 CWE-400 Uncontrolled Resource Consumption
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | ADP | DECLARED | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA Known Exploited Vulnerability
| Vendor | IETF |
|---|---|
| Product | HTTP/2 |
| Name | HTTP/2 Rapid Reset Attack Vulnerability |
| Required Action | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Notes | This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eclipse | Jetty | All | All | All | All |
| Application | Envoyproxy | Envoy | 1.24.10 | All | All | All |
| Application | Envoyproxy | Envoy | 1.25.9 | All | All | All |
| Application | Envoyproxy | Envoy | 1.26.4 | All | All | All |
| Application | Envoyproxy | Envoy | 1.27.0 | All | All | All |
| Application | Ietf | Http | 2.0 | All | All | All |
| Application | Netty | Netty | All | All | All | All |
| Application | Nghttp2 | Nghttp2 | All | All | All | All |
| Hardware | Siemens | Ruggedcom Ape1808 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Ape1808 Firmware | - | All | All | All |
| Hardware | Siemens | Simatic S7-1500 Cpu 1518-4 Pn/dp | - | All | All | All |
| Operating System | Siemens | Simatic S7-1500 Cpu 1518-4 Pn/dp Mfp Firmware | All | All | All | All |
| Hardware | Siemens | Simatic S7-1500 Cpu 1518f-4 Pn/dp Mfp | - | All | All | All |
| Operating System | Siemens | Simatic S7-1500 Cpu 1518f-4 Pn/dp Mfp Firmware | All | All | All | All |
| Application | Siemens | Sinec Ins | All | All | All | All |
| Application | Siemens | Sinec Ins | 1.0 | - | All | All |
| Application | Siemens | Sinec Ins | 1.0 | sp1 | All | All |
| Application | Siemens | Sinec Ins | 1.0 | sp2 | All | All |
| Application | Siemens | Sinec Ins | 1.0 | sp2_update_1 | All | All |
| Application | Siemens | Sinec Ins | 1.0 | sp2_update_2 | All | All |
| Application | Siemens | Sinec Nms | All | All | All | All |
| Hardware | Siemens | Siplus S7-1500 Cpu 1518-4 Pn/dp Mfp | - | All | All | All |
| Operating System | Siemens | Siplus S7-1500 Cpu 1518-4 Pn/dp Mfp Firmware | All | All | All | All |
| Application | Siemens | St7 Scadaconnect | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Ietf | Http | affected 2.0 | Not specified |
| ADP | Siemens | RUGGEDCOM APE1808 | affected * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SINEC NMS | affected V3.0 custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| HTTP/2 Rapid Reset : CVE-2023-44487 · Issue #5877 · caddyserver/caddy · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Vendor Advisory |
| [SECURITY] Fedora 38 Update: mcrouter-0.41.0.20231016-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| Limit max reset frames to mitigate HTTP/2 RST floods by ikhoon · Pull Request #5232 · line/armeria · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| [SECURITY] Fedora 39 Update: nodejs20-20.8.1-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| cve-details | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Vendor Advisory |
| [SECURITY] Fedora 39 Update: nodejs20-20.8.1-1.fc39 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| How Linkerd became resilient to CVE-2023-44487, a HTTP/2 DDOS vulnerability, six months prior to its disclosure | Linkerd | af854a3a-2127-422b-91ae-364da2661108 | linkerd.io | Vendor Advisory |
| Release v2.7.5 · caddyserver/caddy · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes, Third Party Advisory |
| Istio / ISTIO-SECURITY-2023-004 | af854a3a-2127-422b-91ae-364da2661108 | istio.io | Vendor Advisory |
| [SECURITY] [DLA 3641-1] jetty9 security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List |
| CVE-2023-44487 | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | ubuntu.com | Vendor Advisory |
| Debian -- Security Information -- DSA-5540-1 jetty9 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 39 Update: trafficserver-9.2.3-1.fc39 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| Is Traefik vulnerable to CVE-2023-44487? - Traefik v2 (latest) - Traefik Labs Community Forum | af854a3a-2127-422b-91ae-364da2661108 | community.traefik.io | Vendor Advisory |
| [SECURITY] Fedora 38 Update: mcrouter-0.41.0.20231016-1.fc38 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| HTTP/2 Rapid Reset: deconstructing the record-breaking attack | af854a3a-2127-422b-91ae-364da2661108 | blog.cloudflare.com | Technical Description, Vendor Advisory |
| CVE-2023-44487 HTTP/2 Vulnerability in NetApp Products | NetApp Product Security | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2023/10/10/7 | [email protected] | www.openwall.com | Mailing List, Third Party Advisory |
| CVE-2023-44487 issue/fix? · Issue #930 · openresty/openresty · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| [SECURITY] Fedora 37 Update: mod_http2-2.0.25-1.fc37 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| ver bump up · kazu-yamamoto/http2@f61d41a · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487) - Security - HashiCorp Discuss | af854a3a-2127-422b-91ae-364da2661108 | discuss.hashicorp.com | Third Party Advisory |
| HTTP/2 Rapid Reset Attack Impacting NGINX Products - NGINX | af854a3a-2127-422b-91ae-364da2661108 | www.nginx.com | Mitigation, Vendor Advisory |
| github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset · GHSA-vx74-f528-fxqg · GitHub Advisory Database · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Mitigation, Patch, Vendor Advisory |
| Google mitigated the largest DDoS attack to date, peaking above 398M rps | Hacker News | af854a3a-2127-422b-91ae-364da2661108 | news.ycombinator.com | Issue Tracking |
| Swift-nio-http2 security update: CVE-2023-44487 HTTP/2 DOS - SwiftNIO - Swift Forums | af854a3a-2127-422b-91ae-364da2661108 | forums.swift.org | Vendor Advisory |
| io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack · GHSA-xpw8-rcwv-8f8p · GitHub Advisory Database · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch, Vendor Advisory |
| Handling of CVE-2023-44487 / HTTP2 Rapid Reset · Issue #3996 · varnishcache/varnish-cache · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| GitHub - bcdannyboy/CVE-2023-44487: Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Third Party Advisory |
| deps: update nghttp2 to 1.57.0 by jasnell · Pull Request #50121 · nodejs/node · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| CVE-2023-44487: Distributed Denial of Service (DDoS) Attacks against HTTP/2 · Issue #3947 · Azure/AKS · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| Debian -- Security Information -- DSA-5522-1 tomcat9 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Mailing List, Vendor Advisory |
| server: prohibit more than MaxConcurrentStreams handlers from running at once by dfawley · Pull Request #6703 · grpc/grpc-go · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| www.debian.org/security/2023/dsa-5570 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| Biggest DDoSes of all time generated by protocol 0-day in HTTP/2 | Ars Technica | af854a3a-2127-422b-91ae-364da2661108 | arstechnica.com | Press/Media Coverage, Third Party Advisory |
| github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mo... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Product |
| Using HTTP/3 Stream Limits in HTTP/2 | af854a3a-2127-422b-91ae-364da2661108 | martinthomson.github.io | Third Party Advisory |
| [SECURITY] [DLA 3645-1] trafficserver security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List |
| www.cisa.gov/known-exploited-vulnerabilities-catalog | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.cisa.gov | US Government Resource |
| [SECURITY] Fedora 38 Update: nodejs18-18.18.2-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 37 Update: nodejs18-18.18.2-1.fc37 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| oss-security - Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| oss-security - CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| Netty.news: Netty 4.1.100.Final released | af854a3a-2127-422b-91ae-364da2661108 | netty.io | Release Notes, Vendor Advisory |
| github.com/arkrwn/PoC/tree/main/CVE-2023-44487 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Vendor Advisory |
| [SECURITY] Fedora 38 Update: nodejs20-20.8.1-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| cert-portal.siemens.com/productcert/html/ssa-082556.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | Third Party Advisory |
| [Announcement] CVE-2023-44487 (HTTP/2 Rapid Reset Attack) does not affect `rpxy` · Issue #97 · junkurihara/rust-rpxy · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| help request: What's the action for CVE-2023-44487 ? · Issue #10320 · apache/apisix · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| Go: Multiple Vulnerabilities (GLSA 202311-09) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| [SECURITY] Fedora 39 Update: golang-1.21.3-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/rel... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Product, Release Notes |
| [SECURITY] Fedora 37 Update: nghttp2-1.51.0-2.fc37 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| CVE-2023-44487 - HTTP/2 Rapid Reset Attack | af854a3a-2127-422b-91ae-364da2661108 | aws.amazon.com | Third Party Advisory |
| [SECURITY] Fedora 38 Update: trafficserver-9.2.3-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| swift-nio-http2 vulnerable to HTTP/2 Stream Cancellation Attack · CVE-2023-44487 · GitHub Advisory Database · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Vendor Advisory |
| h2 RST bug aka CVE-2023-44487 · Issue #2312 · haproxy/haproxy · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| CVE-2023-44487 HTTP/2 Rapid Reset Attack | Qualys Security Blog | af854a3a-2127-422b-91ae-364da2661108 | blog.qualys.com | Press/Media Coverage, Third Party Advisory |
| security.netapp.com/advisory/ntap-20240621-0007 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| [SECURITY] Fedora 38 Update: mod_http2-2.0.25-1.fc38 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 39 Update: golang-1.21.3-1.fc39 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 | af854a3a-2127-422b-91ae-364da2661108 | github.com | Product, Third Party Advisory |
| HTTP2 Rapid Reset - CVE-2023-44487 · Kong/kong · Discussion #11741 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| github.com/grpc/grpc/releases/tag/v1.59.2 | [email protected] | github.com | Mailing List |
| Debian -- Security Information -- DSA-5521-1 tomcat10 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Mailing List, Vendor Advisory |
| [SECURITY] Fedora 38 Update: nghttp2-1.52.0-2.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 38 Update: mod_http2-2.0.25-1.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 39 Update: trafficserver-9.2.3-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| initial draft of CVE-2023-44487 blog post by wmorgan · Pull Request #1695 · linkerd/website · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| [SECURITY] [DLA 3621-1] nghttp2 security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List |
| [security] Go 1.21.3 and Go 1.20.10 are released | af854a3a-2127-422b-91ae-364da2661108 | groups.google.com | Mailing List, Release Notes, Vendor Advisory |
| HTTP/2 Rapid Reset DDoS Attack · GitHub | af854a3a-2127-422b-91ae-364da2661108 | gist.github.com | Issue Tracking, Patch |
| 4988 – HTTP/2 Rapid Reset : CVE-2023-44487 | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.proxmox.com | Issue Tracking, Third Party Advisory |
| ports - FreeBSD ports tree | af854a3a-2127-422b-91ae-364da2661108 | cgit.freebsd.org | Mailing List, Patch, Vendor Advisory |
| Google Cloud mitigated largest DDoS attack, peaking above 398 million rps | Google Cloud Blog | af854a3a-2127-422b-91ae-364da2661108 | cloud.google.com | Technical Description, Vendor Advisory |
| HTTP/2 Rapid Reset Vulnerability Highlights Need for Rapid Response - Open Source Security Foundation | af854a3a-2127-422b-91ae-364da2661108 | openssf.org | Third Party Advisory |
| HAProxy is not affected by the HTTP/2 Rapid Reset Attack | Hacker News | af854a3a-2127-422b-91ae-364da2661108 | news.ycombinator.com | Issue Tracking |
| Security Update Guide - Microsoft Security Response Center | af854a3a-2127-422b-91ae-364da2661108 | msrc.microsoft.com | Mitigation, Patch, Vendor Advisory |
| 1216123 – (CVE-2023-44487) VUL-0: CVE-2023-44487: TRACKER-BUG: HTTP/2 Rapid Reset Attack | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.suse.com | Issue Tracking, Vendor Advisory |
| Document non-impact of CVE-2023-44487 by raboof · Pull Request #10 · apache/httpd-site · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks | af854a3a-2127-422b-91ae-364da2661108 | blog.cloudflare.com | Third Party Advisory, Vendor Advisory |
| [SECURITY] Fedora 37 Update: nodejs18-18.18.2-1.fc37 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| Microsoft Security Advisory CVE-2023-44487: .NET Denial of Service Vulnerability · Issue #277 · dotnet/announcements · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Mitigation, Vendor Advisory |
| [SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| Rework session management by tatsuhiro-t · Pull Request #1961 · nghttp2/nghttp2 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| Is Cowboy affected by the HTTP/2 Rapid Reset attack? · Issue #1615 · ninenines/cowboy · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | Mailing List |
| Fix for nginx and golang for CVE-2023-44487 by ddstreetmicrosoft · Pull Request #6381 · microsoft/CBL-Mariner · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| [SECURITY] Fedora 37 Update: golang-1.20.10-3.fc37 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| security.netapp.com/advisory/ntap-20240621-0006 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Exploit, Third Party Advisory |
| www.openwall.com/lists/oss-security/2025/08/13/6 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Third Party Advisory |
| New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records | af854a3a-2127-422b-91ae-364da2661108 | www.bleepingcomputer.com | Third Party Advisory |
| Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 | MSRC Blog | Microsoft Security Response Center | af854a3a-2127-422b-91ae-364da2661108 | msrc.microsoft.com | Patch, Vendor Advisory |
| cert-portal.siemens.com/productcert/html/ssa-832273.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | Third Party Advisory |
| [SECURITY] Fedora 38 Update: nghttp2-1.52.0-2.fc38 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| cert-portal.siemens.com/productcert/html/ssa-915275.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | Third Party Advisory |
| HTTP/2 "Rapid Reset" DDoS Attack Disclosed By Google, Cloudflare & AWS - Phoronix | af854a3a-2127-422b-91ae-364da2661108 | www.phoronix.com | Press/Media Coverage |
| [http2] rapid reset attack by kazuho · Pull Request #3291 · h2o/h2o · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| [SECURITY] Fedora 39 Update: nodejs18-18.18.2-1.fc39 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| HTTP/2 Rapid Reset (CVE-2023-44487) | Vespa Blog | af854a3a-2127-422b-91ae-364da2661108 | blog.vespa.ai | Vendor Advisory |
| GitHub - micrictor/http2-rst-stream | af854a3a-2127-422b-91ae-364da2661108 | github.com | Exploit, Third Party Advisory |
| Debian -- Security Information -- DSA-5549-1 trafficserver | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Mailing List, Third Party Advisory |
| github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/mo... | af854a3a-2127-422b-91ae-364da2661108 | github.com | Product |
| HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks | Hacker News | af854a3a-2127-422b-91ae-364da2661108 | news.ycombinator.com | Issue Tracking, Press/Media Coverage |
| How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack | Google Cloud Blog | af854a3a-2127-422b-91ae-364da2661108 | cloud.google.com | Technical Description, Vendor Advisory |
| [SECURITY] Fedora 38 Update: trafficserver-9.2.3-1.fc38 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 39 Update: nodejs18-18.18.2-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| Set stream limits for HTTP2 protocol - CVE CVE-2023-44487 by akshaysngupta · Pull Request #5826 · projectcontour/contour · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| Release nghttp2 v1.57.0 · nghttp2/nghttp2 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Release Notes |
| Rapid Reset HTTP/2 Vulnerablilty ⋆ LiteSpeed Blog | af854a3a-2127-422b-91ae-364da2661108 | blog.litespeedtech.com | Vendor Advisory |
| [SECURITY] Fedora 38 Update: golang-1.20.10-2.fc38 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| cert-portal.siemens.com/productcert/html/ssa-341067.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | Third Party Advisory |
| [SECURITY] Fedora 37 Update: trafficserver-9.2.3-1.fc37 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 37 Update: folly-2023.10.16.00-1.fc37 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| lists.debian.org/debian-lts-announce/2023/11/msg00012.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List |
| net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) · Issue #63417 · golang/go · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| [SECURITY] Fedora 39 Update: mod_http2-2.0.25-1.fc39 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| security.netapp.com/advisory/ntap-20240426-0007 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| Prevent rapid reset http2 DOS on API server by enj · Pull Request #121120 · kubernetes/kubernetes · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| http: Fix CVE CVE-2023-44487 by phlax · Pull Request #30055 · envoyproxy/envoy · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| Apache Tomcat® - Apache Tomcat 10 vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | tomcat.apache.org | Release Notes |
| [SECURITY] Fedora 38 Update: nodejs18-18.18.2-1.fc38 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| Re-sync with internal repository following CVE-2023-44487 by facebook-github-bot · Pull Request #466 · facebook/proxygen · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| oss-security - CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| CVE-2023-44487 · Issue #4323 · akka/akka-http · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487) | af854a3a-2127-422b-91ae-364da2661108 | www.haproxy.com | Third Party Advisory, Vendor Advisory |
| www.debian.org/security/2023/dsa-5558 | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Mailing List, Third Party Advisory |
| CVE-2023-44487 (High) detected in multiple libraries · Issue #3474 · opensearch-project/data-prepper · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| [SECURITY] Fedora 39 Update: mvfst-2023.10.16.00-1.fc39 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 37 Update: golang-1.20.10-3.fc37 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA | af854a3a-2127-422b-91ae-364da2661108 | www.cisa.gov | Third Party Advisory, US Government Resource |
| www.openwall.com/lists/oss-security/2023/10/10/6 | [email protected] | www.openwall.com | Mailing List, Third Party Advisory |
| Does this recent http2 CVE affect this package? · Issue #93 · kazu-yamamoto/http2 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| [PATCH] HTTP/2: per-iteration stream handling limit | af854a3a-2127-422b-91ae-364da2661108 | mailman.nginx.org | Mailing List, Patch, Third Party Advisory |
| Merge pull request from GHSA-xpw8-rcwv-8f8p · netty/netty@58f75f6 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| [SECURITY] Fedora 37 Update: trafficserver-9.2.3-1.fc37 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 38 Update: nodejs20-20.8.1-1.fc38 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS yet • The Register | af854a3a-2127-422b-91ae-364da2661108 | www.theregister.com | Press/Media Coverage, Third Party Advisory |
| [SECURITY] Fedora 38 Update: golang-1.20.10-2.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| Resets, Leaks, DDoS and the Tale of a Hidden CVE - Edgio | af854a3a-2127-422b-91ae-364da2661108 | edg.io | Broken Link |
| [SECURITY] Fedora 39 Update: mvfst-2023.10.16.00-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| oss-security - Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| [SECURITY] [DLA 3617-2] tomcat9 regression update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List |
| cert-portal.siemens.com/productcert/html/ssa-784301.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | Third Party Advisory |
| .NET 7 security vulernability Kestrel Server HTTP/2 · oqtane/oqtane.framework · Discussion #3367 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| oss-security - Vulnerability in Jenkins | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 37 Update: mod_http2-2.0.25-1.fc37 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| HTTP/2 Rapid Reset · Advisory · h2o/h2o · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Vendor Advisory |
| sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-... | [email protected] | sec.cloudapps.cisco.com | Vendor Advisory |
| [SECURITY] Fedora 39 Update: nghttp2-1.55.1-4.fc39 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | Mailing List |
| myF5 | af854a3a-2127-422b-91ae-364da2661108 | my.f5.com | Vendor Advisory |
| [SECURITY] Fedora 39 Update: nghttp2-1.55.1-4.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| [SECURITY] Fedora 39 Update: mod_http2-2.0.25-1.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| [SECURITY] [DLA 3617-1] tomcat9 security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| hyper HTTP/2 Rapid Reset Attack: Unaffected - seanmonstar | af854a3a-2127-422b-91ae-364da2661108 | seanmonstar.com | Third Party Advisory |
| Add an HTTP/2 related rate limiting by maskit · Pull Request #10564 · apache/trafficserver · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| [SECURITY] [DLA 3638-1] h2o security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List |
| oss-security - Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| HTTP/2 Rapid Reset DDoS Mitigaton · Issue #1986 · tempesta-tech/tempesta · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| Netlify Successfully Mitigates CVE-2023-44487 | af854a3a-2127-422b-91ae-364da2661108 | www.netlify.com | Vendor Advisory |
| CVE-2023-44487 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945) | af854a3a-2127-422b-91ae-364da2661108 | security.paloaltonetworks.com | Vendor Advisory |
| www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-unders... | af854a3a-2127-422b-91ae-364da2661108 | www.vicarius.io | Third Party Advisory |
| CVE-2023-44487: HTTP/2 Rapid Reset Attack · Issue #1872 · alibaba/tengine · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| The novel HTTP/2 'Rapid Reset' DDoS attack | Hacker News | af854a3a-2127-422b-91ae-364da2661108 | news.ycombinator.com | Issue Tracking |
| Resolve CVE-2023-44487 · Issue #16740 · etcd-io/etcd · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch |
| 2242803 – (CVE-2023-44487) CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| Allow HTTP/2 rate control to mitigate HTTP/2 floods (CVE-2023-44487) · Issue #10679 · eclipse/jetty.project · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking |
| [SECURITY] Fedora 37 Update: nghttp2-1.51.0-2.fc37 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List |
| Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event | af854a3a-2127-422b-91ae-364da2661108 | www.darkreading.com | Press/Media Coverage, Third Party Advisory |
| Prague side meeting: HTTP/2 concurrency and request cancellation (CVE-2023-44487) from Mark Nottingham on 2023-10-10 ([email protected] from October to December 2023) | af854a3a-2127-422b-91ae-364da2661108 | lists.w3.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 37 Update: folly-2023.10.16.00-1.fc37 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Stefan Eissing: "More details: httpd keeps a „mood“ counter for ea…" - chaos.social | MITRE | chaos.social | |
| Pick a default for HTTP/2 server max concurrent streams · Issue #3337 · hyperium/hyper · GitHub | MITRE | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2023-10-10T00:00:00.000Z | CVE-2023-44487 added to CISA KEV |
Legacy QID Mappings
- 150732 Apache Tomcat Multiple Vulnerabilities (CVE-2023-42795, CVE-2023-44487, CVE-2023-45648)
- 160986 Oracle Enterprise Linux Security Update for nginx:1.22 (ELSA-2023-5713)
- 160988 Oracle Enterprise Linux Security Update for nginx:1.20 (ELSA-2023-5712)
- 160990 Oracle Enterprise Linux Security Update for nginx (ELSA-2023-5711)
- 160992 Oracle Enterprise Linux Security Update for dotnet6.0 (ELSA-2023-5708)
- 160993 Oracle Enterprise Linux Security Update for dotnet6.0 (ELSA-2023-5710)
- 160995 Oracle Enterprise Linux Security Update for .net 7.0 (ELSA-2023-5749)
- 160996 Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2023-5721)
- 160998 Oracle Enterprise Linux Security Update for go-toolset and golang (ELSA-2023-5738)
- 161002 Oracle Enterprise Linux Security Update for dotnet7.0 (ELSA-2023-5709)
- 161003 Oracle Enterprise Linux Security Update for nghttp2 (ELSA-2023-5837)
- 161004 Oracle Enterprise Linux Security Update for nghttp2 (ELSA-2023-5838)
- 161006 Oracle Enterprise Linux Security Update for nodejs (ELSA-2023-5765)
- 161007 Oracle Enterprise Linux Security Update for 18 (ELSA-2023-5849)
- 161009 Oracle Enterprise Linux Security Update for grafana (ELSA-2023-5867)
- 161010 Oracle Enterprise Linux Security Update for nodejs:18 (ELSA-2023-5869)
- 161011 Oracle Enterprise Linux Security Update for grafana (ELSA-2023-5863)
- 161012 Oracle Enterprise Linux Security Update for nodejs:16 (ELSA-2023-5850)
- 161013 Oracle Enterprise Linux Security Update for tomcat (ELSA-2023-5929)
- 161017 Oracle Enterprise Linux Security Update for varnish (ELSA-2023-5989)
- 161018 Oracle Enterprise Linux Security Update for varnish (ELSA-2023-5924)
- 161021 Oracle Enterprise Linux Security Update for tomcat (ELSA-2023-5928)
- 161025 Oracle Enterprise Linux Security Update for nginx:1.22 (ELSA-2023-6120)
- 161071 Oracle Enterprise Linux Security Update for nghttp2 (ELSA-2023-6746)
- 161192 Oracle Enterprise Linux Security Update for nodejs:20 (ELSA-2023-7205)
- 161216 Oracle Enterprise Linux Security Update for conmon (ELSA-2023-13029)
- 161217 Oracle Enterprise Linux Security Update for conmon (ELSA-2023-13028)
- 161254 Oracle Enterprise Linux Security Update for conmon (ELSA-2023-13053)
- 161255 Oracle Enterprise Linux Security Update for conmon (ELSA-2023-13054)
- 161431 Oracle Enterprise Linux Security Update for nodejs:16 (ELSA-2024-1444)
- 199823 Ubuntu Security Notification for .NET Vulnerability (USN-6427-1)
- 199905 Ubuntu Security Notification for .NET Vulnerabilities (USN-6438-1)
- 199910 Ubuntu Security Notification for .NET Vulnerability (USN-6427-2)
- 199941 Ubuntu Security Notification for nghttp2 Vulnerability (USN-6505-1)
- 200040 Ubuntu Security Notification for Go Vulnerabilities (USN-6574-1)
- 20399 Oracle Database 19c Critical OJVM Patch Update - January 2024
- 20400 Oracle Database 19c Critical Patch Update - January 2024
- 20401 Oracle Database 21c Critical Patch Update - January 2024
- 242166 Red Hat Update for nginx (RHSA-2023:5714)
- 242167 Red Hat Update for rh-dotnet60-dotnet security (RHSA-2023:5705)
- 242168 Red Hat Update for dotnet6.0 (RHSA-2023:5706)
- 242169 Red Hat Update for nginx:1.20 (RHSA-2023:5715)
- 242170 Red Hat Update for dotnet6.0 (RHSA-2023:5710)
- 242171 Red Hat Update for dotnet6.0 (RHSA-2023:5708)
- 242172 Red Hat Update for dotnet6.0 (RHSA-2023:5707)
- 242173 Red Hat Update for go-toolset:rhel8 (RHSA-2023:5721)
- 242174 Red Hat Update for rh-nginx120-nginx (RHSA-2023:5720)
- 242175 Red Hat Update for .net 7.0 (RHSA-2023:5749)
- 242176 Red Hat Update for go-toolset and golang (RHSA-2023:5738)
- 242177 Red Hat Update for nghttp2 (RHSA-2023:5769)
- 242178 Red Hat Update for nghttp2 (RHSA-2023:5768)
- 242181 Red Hat Update for nodejs (RHSA-2023:5764)
- 242182 Red Hat Update for nodejs (RHSA-2023:5765)
- 242184 Red Hat Update for nghttp2 (RHSA-2023:5766)
- 242189 Red Hat Update for nodejs:16 (RHSA-2023:5803)
- 242193 Red Hat Update for rhc-worker-script enhancement and (RHSA-2023:5835)
- 242194 Red Hat Update for rh-nodejs14 (RHSA-2023:5840)
- 242195 Red Hat Update for nghttp2 (RHSA-2023:5838)
- 242196 Red Hat Update for httpd24-httpd (RHSA-2023:5841)
- 242197 Red Hat Update for nghttp2 (RHSA-2023:5837)
- 242198 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:5679)
- 242206 Red Hat Update for nodejs:16 (RHSA-2023:5850)
- 242208 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2023:5717)
- 242212 Red Hat Update for grafana (RHSA-2023:5866)
- 242214 Red Hat Update for grafana (RHSA-2023:5864)
- 242219 Red Hat Update for grafana (RHSA-2023:5863)
- 242222 Red Hat Update for JBoss Enterprise Application Platform 7.4 (RHSA-2023:5920)
- 242224 Red Hat Update for varnish (RHSA-2023:5924)
- 242225 Red Hat Update for varnish (RHSA-2023:5930)
- 242226 Red Hat Update for tomcat (RHSA-2023:5928)
- 242228 Red Hat Update for OpenStack Platform 17.1.1 (RHSA-2023:5969)
- 242229 Red Hat Update for Satellite 6.11.5.6 (RHSA-2023:5980)
- 242230 Red Hat Update for Satellite 6.12.5.2 (RHSA-2023:5979)
- 242231 Red Hat Update for varnish (RHSA-2023:5989)
- 242234 Red Hat Update for varnish:6 (RHSA-2023:6020)
- 242237 Red Hat Update for varnish:6 (RHSA-2023:6023)
- 242238 Red Hat Update for varnish:6 (RHSA-2023:6022)
- 242239 Red Hat Update for varnish:6 (RHSA-2023:6021)
- 242241 Red Hat Update for toolbox (RHSA-2023:6057)
- 242244 Red Hat Update for toolbox (RHSA-2023:6077)
- 242245 Red Hat Update for nginx:1.22 (RHSA-2023:6120)
- 242246 Red Hat Update for JBoss Core Services (RHSA-2023:6105)
- 242307 Red Hat Update for nghttp2 (RHSA-2023:6746)
- 242347 Red Hat Update for Satellite 6.14 (RHSA-2023:6818)
- 242351 Red Hat Update for nginx:1.20 (RHSA-2023:5712)
- 242357 Red Hat Update for OpenStack Platform 17.1.1 (RHSA-2023:5970)
- 242362 Red Hat Update for grafana (RHSA-2023:5867)
- 242363 Red Hat Update for Satellite 6.13.5 (RHSA-2023:5931)
- 242365 Red Hat Update for OpenStack Platform 16.2.5 (RHSA-2023:5964)
- 242367 Red Hat Update for nghttp2 (RHSA-2023:5770)
- 242370 Red Hat Update for dotnet7.0 (RHSA-2023:5709)
- 242373 Red Hat Update for nginx (RHSA-2023:5711)
- 242374 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:5009)
- 242376 Red Hat Update for nodejs:18 (RHSA-2023:5849)
- 242378 Red Hat Update for OpenStack Platform 16.1.9 (RHSA-2023:5967)
- 242381 Red Hat Update for OpenStack Platform 16.2.5 (RHSA-2023:5965)
- 242385 Red Hat Update for nodejs:18 (RHSA-2023:5869)
- 242387 Red Hat Update for nginx:1.22 (RHSA-2023:5713)
- 242391 Red Hat Update for tomcat (RHSA-2023:5929)
- 242394 Red Hat Update for nghttp2 (RHSA-2023:5767)
- 242401 Red Hat Update for grafana (RHSA-2023:5865)
- 242429 Red Hat Update for nodejs:20 (RHSA-2023:7205)
- 242464 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6840)
- 242465 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6839)
- 242479 Red Hat Update for rh-varnish6-varnish (RHSA-2023:7334)
- 242493 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:7325)
- 242533 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2023:7481)
- 242542 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 on RHEL 9 (RHSA-2023:7639)
- 242543 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 on RHEL 8 (RHSA-2023:7638)
- 242551 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:7610)
- 242565 Red Hat Update for JBoss Enterprise Application Platform 7.4.1 on RHEL 7 (RHSA-2023:7637)
- 243104 Red Hat Update for nodejs:16 (RHSA-2024:1444)
- 284629 Fedora Security Update for nghttp2 (FEDORA-2023-ed2642fd58)
- 284641 Fedora Security Update for trafficserver (FEDORA-2023-5ff7bf1dd8)
- 284643 Fedora Security Update for trafficserver (FEDORA-2023-54fadada12)
- 284656 Fedora Security Update for mod_http2 (FEDORA-2023-0259c3f26f)
- 284658 Fedora Security Update for cachelib (FEDORA-2023-2a9214af5f)
- 284659 Fedora Security Update for cachelib (FEDORA-2023-17efd3f2cd)
- 284660 Fedora Security Update for nodejs18 (FEDORA-2023-d5030c983c)
- 284672 Fedora Security Update for nodejs20 (FEDORA-2023-f66fc0f62a)
- 284673 Fedora Security Update for nodejs20 (FEDORA-2023-4d2fd884ea)
- 284674 Fedora Security Update for nodejs18 (FEDORA-2023-e9c04d81c1)
- 284683 Fedora Security Update for nghttp2 (FEDORA-2023-b2c50535cb)
- 284688 Fedora Security Update for golang (FEDORA-2023-fe53e13b5b)
- 284689 Fedora Security Update for golang (FEDORA-2023-4bf641255e)
- 284710 Fedora Security Update for mod_http2 (FEDORA-2023-c0c6a91330)
- 285180 Fedora Security Update for mod_http2 (FEDORA-2023-492b7be466)
- 285182 Fedora Security Update for golang (FEDORA-2023-822aab0a5a)
- 285184 Fedora Security Update for cachelib (FEDORA-2023-7934802344)
- 285187 Fedora Security Update for nodejs20 (FEDORA-2023-7b52921cae)
- 285188 Fedora Security Update for nodejs18 (FEDORA-2023-dbe64661af)
- 285199 Fedora Security Update for nghttp2 (FEDORA-2023-3f70b8d406)
- 285203 Fedora Security Update for trafficserver (FEDORA-2023-1caffb88af)
- 296105 Oracle Solaris 11.4 Support Repository Update (SRU) 63.157.1 Missing (CPUOCT2023)
- 296106 Oracle Solaris 11.4 Support Repository Update (SRU) 64.157.2 Missing (CPUOCT2023)
- 296108 Oracle Solaris 11.4 Support Repository Update (SRU) 66.164.1 Missing (CPUJAN2024)
- 317402 Cisco Secure Web Appliance HTTP/2 Rapid Reset Attack Vulnerability (CSCwh88595)
- 356400 Amazon Linux Security Advisory for nghttp2 : ALAS2-2023-2312
- 356411 Amazon Linux Security Advisory for golang : ALAS2-2023-2313
- 356446 Amazon Linux Security Advisory for nginx : ALAS-2023-1870
- 356453 Amazon Linux Security Advisory for nghttp2 : ALAS-2023-1869
- 356455 Amazon Linux Security Advisory for golang : ALAS-2023-1871
- 356456 Amazon Linux Security Advisory for tomcat8 : ALAS-2023-1868
- 356513 Amazon Linux Security Advisory for golang : ALAS2023-2023-394
- 356520 Amazon Linux Security Advisory for tomcat9 : ALAS2023-2023-390
- 356523 Amazon Linux Security Advisory for nginx : ALAS2023-2023-393
- 356526 Amazon Linux Security Advisory for nodejs : ALAS2023-2023-391
- 356540 Amazon Linux Security Advisory for nghttp2 : ALAS2023-2023-392
- 356541 Amazon Linux Security Advisory for dotnet6.0 : ALAS2023-2023-389
- 356556 Amazon Linux Security Advisory for tomcat : ALAS2TOMCAT8.5-2023-016
- 356581 Amazon Linux Security Advisory for tomcat : ALAS2TOMCAT9-2023-010
- 356587 Amazon Linux Security Advisory for nginx : ALAS2NGINX1-2023-006
- 356597 Amazon Linux Security Advisory for ecs-service-connect-agent : ALAS2ECS-2023-016
- 356624 Amazon Linux Security Advisory for ecs-service-connect-agent : ALAS2023-2023-420
- 378951 Node.js Multiple Security Vulnerabilties (October 13, 2023 Security Release)
- 378964 Alibaba Cloud Linux Security Update for grafana (ALINUX3-SA-2023:0131)
- 379045 Alibaba Cloud Linux Security Update for varnish (ALINUX3-SA-2023:0137)
- 379047 Alibaba Cloud Linux Security Update for nghttp2 (ALINUX3-SA-2023:0132)
- 379267 Oracle Coherence January 2024 Critical Patch Update (CPUJAN2024)
- 379437 Alibaba Cloud Linux Security Update for nginx:1.20 (ALINUX3-SA-2024:0016)
- 379452 IBM Cognos Analytics Multiple Vulnerabilities (7123154)
- 379516 IBM Sterling Secure Proxy Multiple Vulnerabilities (7142038)
- 379590 Gitlab Multiple Vulnerabilities (prior to gitlab- 16.5.1, 16.4.2, 16.3.6)
- 379646 Alibaba Cloud Linux Security Update for go-toolset:rhel8 (ALINUX3-SA-2024:0033)
- 44173 FortiOS Rapid Reset HTTP/2 Vulnerability (FG-IR-23-397)
- 503377 Alpine Linux Security Update for nghttp2
- 503378 Alpine Linux Security Update for nghttp2
- 503380 Alpine Linux Security Update for dotnet6-build
- 503381 Alpine Linux Security Update for dotnet6-runtime
- 503382 Alpine Linux Security Update for dotnet7-build
- 503383 Alpine Linux Security Update for dotnet7-runtime
- 503385 Alpine Linux Security Update for h2o
- 503386 Alpine Linux Security Update for go
- 503387 Alpine Linux Security Update for nghttp2
- 503390 Alpine Linux Security Update for jetty-runner
- 503391 Alpine Linux Security Update for nginx
- 503393 Alpine Linux Security Update for nginx
- 503419 Alpine Linux Security Update for nginx
- 503440 Alpine Linux Security Update for dotnet6-build
- 503441 Alpine Linux Security Update for dotnet6-runtime
- 503442 Alpine Linux Security Update for dotnet7-build
- 503443 Alpine Linux Security Update for dotnet7-runtime
- 503444 Alpine Linux Security Update for dotnet7-runtime
- 503468 Alpine Linux Security Update for lighttpd
- 503469 Alpine Linux Security Update for nghttp2
- 503629 Alpine Linux Security Update for varnish
- 505898 Alpine Linux Security Update for nghttp2
- 505899 Alpine Linux Security Update for nginx
- 505950 Alpine Linux Security Update for varnish
- 506007 Alpine Linux Security Update for dotnet6-build
- 506008 Alpine Linux Security Update for dotnet6-build
- 506015 Alpine Linux Security Update for dotnet6-runtime
- 506016 Alpine Linux Security Update for dotnet6-runtime
- 506023 Alpine Linux Security Update for dotnet7-build
- 506024 Alpine Linux Security Update for dotnet7-build
- 506028 Alpine Linux Security Update for dotnet7-runtime
- 506029 Alpine Linux Security Update for dotnet7-runtime
- 506088 Alpine Linux Security Update for go
- 506098 Alpine Linux Security Update for h2o
- 506101 Alpine Linux Security Update for jetty-runner
- 506124 Alpine Linux Security Update for netdata
- 510683 Alpine Linux Security Update for openjdk21
- 510805 Alpine Linux Security Update for varnish
- 6000246 Debian Security Update for tomcat9 (DSA 5522-1)
- 6000247 Debian Security Update for tomcat10 (DSA 5521-1)
- 6000251 Debian Security Update for tomcat9 (DLA 3617-2)
- 6000257 Debian Security Update for tomcat9 (DLA 3617-1)
- 6000263 Debian Security Update for h2o (DLA 3638-1)
- 6000267 Debian Security Update for jetty9 (DLA 3641-1)
- 6000268 Debian Security Update for trafficserver (DLA 3645-1)
- 6000281 Debian Security Update for nghttp2 (DLA 3621-1)
- 6000299 Debian Security Update for jetty9 (DSA 5540-1)
- 6000301 Debian Security Update for tomcat9 (DSA 5522-3)
- 6000303 Debian Security Update for tomcat9 (DSA 5522-2)
- 6000312 Debian Security Update for trafficserver (DSA 5549-1)
- 6000331 Debian Security Update for netty (DSA 5558-1)
- 6000332 Debian Security Update for netty (DLA 3656-1)
- 6000368 Debian Security Update for nghttp2 (DSA 5570-1)
- 673322 EulerOS Security Update for nghttp2 (EulerOS-SA-2024-1092)
- 673404 EulerOS Security Update for nghttp2 (EulerOS-SA-2024-1068)
- 673464 EulerOS Security Update for nghttp2 (EulerOS-SA-2023-3282)
- 673519 EulerOS Security Update for golang (EulerOS-SA-2023-3270)
- 673612 EulerOS Security Update for golang (EulerOS-SA-2024-1082)
- 673636 EulerOS Security Update for nghttp2 (EulerOS-SA-2023-3346)
- 673762 EulerOS Security Update for nghttp2 (EulerOS-SA-2023-3254)
- 673850 EulerOS Security Update for golang (EulerOS-SA-2024-1140)
- 673892 EulerOS Security Update for nginx (EulerOS-SA-2024-1154)
- 673979 EulerOS Security Update for golang (EulerOS-SA-2023-3299)
- 673981 EulerOS Security Update for golang (EulerOS-SA-2024-1058)
- 673988 EulerOS Security Update for golang (EulerOS-SA-2023-3331)
- 674095 EulerOS Security Update for nghttp2 (EulerOS-SA-2023-3314)
- 674107 EulerOS Security Update for golang (EulerOS-SA-2023-3242)
- 691321 Free Berkeley Software Distribution (FreeBSD) Security Update for h2o (bf545001-b96d-42e4-9d2e-60fdee204a43)
- 691327 Free Berkeley Software Distribution (FreeBSD) Security Update for traefik (7a1b2624-6a89-11ee-af06-5404a68ad561)
- 691330 Free Berkeley Software Distribution (FreeBSD) Security Update for jenkins (1ee26d45-6ddb-11ee-9898-00e081b7aa2d)
- 691368 Free Berkeley Software Distribution (FreeBSD) Security Update for varnish (f25a34b1-910d-11ee-a1a2-641c67a117d8)
- 710791 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202311-09)
- 730934 Apache Tomcat Denial of Service Vulnerability (CVE-2023-42794)
- 730935 Apache Tomcat Information Disclosure Vulnerability (CVE-2023-42795)
- 730936 Apache Tomcat Denial of Service Vulnerability (CVE-2023-42794)
- 730937 Apache Tomcat Multiple Vulnerabilities
- 730958 Jenkins HTTP/2 Denial of Service (DoS) Vulnerability (Jenkins Security Advisory 2023-10-18)
- 730977 Atlassian Confluence Data Center and Server Denial of Service (DoS) Vulnerability (CONFSERVER-93163)
- 731034 Cisco Prime Infrastructure Distributed Denial of Service (DDoS) Vulnerability (cisco-sa-http2-reset-d8Kf32vZ)
- 755088 SUSE Enterprise Linux Security Update for go1.21 (SUSE-SU-2023:4069-1)
- 755089 SUSE Enterprise Linux Security Update for go1.20 (SUSE-SU-2023:4068-1)
- 755117 SUSE Enterprise Linux Security Update for tomcat (SUSE-SU-2023:4129-1)
- 755122 SUSE Enterprise Linux Security Update for nodejs18 (SUSE-SU-2023:4133-1)
- 755131 SUSE Enterprise Linux Security Update for nodejs18 (SUSE-SU-2023:4155-1)
- 755139 SUSE Enterprise Linux Security Update for netty, netty-tcnative (SUSE-SU-2023:4163-1)
- 755155 SUSE Enterprise Linux Security Update for nghttp2 (SUSE-SU-2023:4200-1)
- 755156 SUSE Enterprise Linux Security Update for nghttp2 (SUSE-SU-2023:4199-1)
- 755165 SUSE Enterprise Linux Security Update for jetty-minimal (SUSE-SU-2023:4210-1)
- 755167 SUSE Enterprise Linux Security Update for nodejs18 (SUSE-SU-2023:4207-1)
- 755201 SUSE Enterprise Linux Security Update for nodejs10 (SUSE-SU-2023:4295-1)
- 755230 SUSE Enterprise Linux Security Update for nodejs12 (SUSE-SU-2023:4374-1)
- 755231 SUSE Enterprise Linux Security Update for nodejs12 (SUSE-SU-2023:4373-1)
- 755272 SUSE Enterprise Linux Security Update for go1.20-openssl (SUSE-SU-2023:4472-1)
- 755275 SUSE Enterprise Linux Security Update for go1.21-openssl (SUSE-SU-2023:4469-1)
- 755292 SUSE Enterprise Linux Security Update for nghttp2 (SUSE-SU-2023:4492-1)
- 755902 SUSE Enterprise Linux Security Update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t (SUSE-SU-2023:4624-1)
- 770209 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:5679)
- 770210 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2023:5717)
- 770213 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:5009)
- 770214 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6840)
- 770215 Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:7325)
- 770217 Red Hat OpenShift Container Platform 4.11 Security Update (RHSA-2023:7481)
- 770219 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:7610)
- 907423 Common Base Linux Mariner (CBL-Mariner) Security Update for nginx (31333)
- 907426 Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (31299-1)
- 907428 Common Base Linux Mariner (CBL-Mariner) Security Update for skopeo (31345-1)
- 907429 Common Base Linux Mariner (CBL-Mariner) Security Update for rook (31343-1)
- 907431 Common Base Linux Mariner (CBL-Mariner) Security Update for vitess (31348-1)
- 907432 Common Base Linux Mariner (CBL-Mariner) Security Update for prometheus (31341-1)
- 907433 Common Base Linux Mariner (CBL-Mariner) Security Update for prometheus-adapter (31342-1)
- 907434 Common Base Linux Mariner (CBL-Mariner) Security Update for kured (31319-1)
- 907435 Common Base Linux Mariner (CBL-Mariner) Security Update for flannel (31307-1)
- 907436 Common Base Linux Mariner (CBL-Mariner) Security Update for terraform (31347-1)
- 907437 Common Base Linux Mariner (CBL-Mariner) Security Update for cert-manager (31296-1)
- 907438 Common Base Linux Mariner (CBL-Mariner) Security Update for azcopy (31292-1)
- 907439 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-buildx (31325-1)
- 907440 Common Base Linux Mariner (CBL-Mariner) Security Update for kubevirt (31318-1)
- 907441 Common Base Linux Mariner (CBL-Mariner) Security Update for multus (31331-1)
- 907442 Common Base Linux Mariner (CBL-Mariner) Security Update for influxdb (31312-1)
- 907443 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-compose (31327-1)
- 907445 Common Base Linux Mariner (CBL-Mariner) Security Update for grpc (31520-1)
- 907446 Common Base Linux Mariner (CBL-Mariner) Security Update for kata-containers (31314-1)
- 907447 Common Base Linux Mariner (CBL-Mariner) Security Update for etcd (31306-1)
- 907448 Common Base Linux Mariner (CBL-Mariner) Security Update for containerized-data-importer (31300-1)
- 907449 Common Base Linux Mariner (CBL-Mariner) Security Update for kube-vip-cloud-provider (31317-1)
- 907451 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (31519-1)
- 907452 Common Base Linux Mariner (CBL-Mariner) Security Update for application-gateway-kubernetes-ingress (31291-1)
- 907453 Common Base Linux Mariner (CBL-Mariner) Security Update for nghttp2 (31332-1)
- 907454 Common Base Linux Mariner (CBL-Mariner) Security Update for kata-containers-cc (31315-1)
- 907456 Common Base Linux Mariner (CBL-Mariner) Security Update for keda (31316-1)
- 907457 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-cli (31326-1)
- 907458 Common Base Linux Mariner (CBL-Mariner) Security Update for nmi (31335-1)
- 907459 Common Base Linux Mariner (CBL-Mariner) Security Update for csi-driver-lvm (31305-1)
- 907462 Common Base Linux Mariner (CBL-Mariner) Security Update for cri-tools (31304-1)
- 907463 Common Base Linux Mariner (CBL-Mariner) Security Update for local-path-provisioner (31324-1)
- 907464 Common Base Linux Mariner (CBL-Mariner) Security Update for opa (31493-1)
- 907465 Common Base Linux Mariner (CBL-Mariner) Security Update for coredns (31301-1)
- 907467 Common Base Linux Mariner (CBL-Mariner) Security Update for packer (31340-1)
- 907469 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd-cc (31491-1)
- 907470 Common Base Linux Mariner (CBL-Mariner) Security Update for jx (31313-1)
- 907472 Common Base Linux Mariner (CBL-Mariner) Security Update for node-problem-detector (31336-1)
- 907473 Common Base Linux Mariner (CBL-Mariner) Security Update for sriov-network-device-plugin (31346-1)
- 907474 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-engine (31329-1)
- 907475 Common Base Linux Mariner (CBL-Mariner) Security Update for cf-cli (31297-1)
- 907476 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (31328-1)
- 907477 Common Base Linux Mariner (CBL-Mariner) Security Update for libcontainers-common (31323-1)
- 907478 Common Base Linux Mariner (CBL-Mariner) Security Update for telegraf (31498-1)
- 907480 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs18 (31339-1)
- 907503 Common Base Linux Mariner (CBL-Mariner) Security Update for nginx (31333-1)
- 907513 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (31519-2)
- 907593 Common Base Linux Mariner (CBL-Mariner) Security Update for kubernetes (31693-1)
- 907598 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs18 (31339-2)
- 907792 Common Base Linux Mariner (CBL-Mariner) Security Update for coredns (31301-2)
- 907833 Common Base Linux Mariner (CBL-Mariner) Security Update for helm (33343-1)
- 907863 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (31519-3)
- 907895 Common Base Linux Mariner (CBL-Mariner) Security Update for local-path-provisioner (31324-2)
- 907900 Common Base Linux Mariner (CBL-Mariner) Security Update for packer (31340-2)
- 907902 Common Base Linux Mariner (CBL-Mariner) Security Update for azcopy (31292-2)
- 907903 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-buildx (31325-2)
- 907905 Common Base Linux Mariner (CBL-Mariner) Security Update for containerized-data-importer (31300-2)
- 907909 Common Base Linux Mariner (CBL-Mariner) Security Update for vitess (31348-2)
- 907910 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd-cc (31491-2)
- 907913 Common Base Linux Mariner (CBL-Mariner) Security Update for kube-vip-cloud-provider (31317-2)
- 907919 Common Base Linux Mariner (CBL-Mariner) Security Update for kubevirt (31318-2)
- 907922 Common Base Linux Mariner (CBL-Mariner) Security Update for terraform (31347-2)
- 907923 Common Base Linux Mariner (CBL-Mariner) Security Update for moby-compose (31327-2)
- 907930 Common Base Linux Mariner (CBL-Mariner) Security Update for cf-cli (31297-2)
- 907931 Common Base Linux Mariner (CBL-Mariner) Security Update for application-gateway-kubernetes-ingress (31291-2)
- 907933 Common Base Linux Mariner (CBL-Mariner) Security Update for jx (31313-2)
- 907945 Common Base Linux Mariner (CBL-Mariner) Security Update for rook (31343-2)
- 907984 Common Base Linux Mariner (CBL-Mariner) Security Update for keda (31316-2)
- 908040 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (37314-1)
- 92067 Microsoft HTTP/2 Protocol Distributed Denial of Service (DoS) Vulnerability
- 92070 Microsoft Azure Stack Hub Security Updates for October 2023
- 92072 Microsoft .NET Security Update for October 2023
- 941295 AlmaLinux Security Update for nginx:1.22 (ALSA-2023:5713)
- 941296 AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2023:5721)
- 941297 AlmaLinux Security Update for dotnet7.0 (ALSA-2023:5709)
- 941298 AlmaLinux Security Update for go-toolset and golang (ALSA-2023:5738)
- 941299 AlmaLinux Security Update for nginx (ALSA-2023:5711)
- 941300 AlmaLinux Security Update for dotnet6.0 (ALSA-2023:5708)
- 941301 AlmaLinux Security Update for .NET (ALSA-2023:5749)
- 941302 AlmaLinux Security Update for nodejs (ALSA-2023:5765)
- 941304 AlmaLinux Security Update for nghttp2 (ALSA-2023:5837)
- 941305 AlmaLinux Security Update for nodejs:16 (ALSA-2023:5850)
- 941306 AlmaLinux Security Update for nodejs:18 (ALSA-2023:5869)
- 941308 AlmaLinux Security Update for grafana (ALSA-2023:5863)
- 941309 AlmaLinux Security Update for nodejs:18 (ALSA-2023:5849)
- 941310 AlmaLinux Security Update for grafana (ALSA-2023:5867)
- 941311 AlmaLinux Security Update for nghttp2 (ALSA-2023:5838)
- 941312 AlmaLinux Security Update for tomcat (ALSA-2023:5928)
- 941317 AlmaLinux Security Update for dotnet6.0 (ALSA-2023:5710)
- 941318 AlmaLinux Security Update for tomcat (ALSA-2023:5929)
- 941320 AlmaLinux Security Update for varnish (ALSA-2023:5924)
- 941326 AlmaLinux Security Update for nginx:1.20 (ALSA-2023:5712)
- 941328 AlmaLinux Security Update for varnish (ALSA-2023:5989)
- 941329 AlmaLinux Security Update for toolbox (ALSA-2023:6077)
- 941330 AlmaLinux Security Update for nginx:1.22 (ALSA-2023:6120)
- 941407 AlmaLinux Security Update for nghttp2 (ALSA-2023:6746)
- 941479 AlmaLinux Security Update for nodejs:20 (ALSA-2023:7205)
- 941626 AlmaLinux Security Update for nodejs:16 (ALSA-2024:1444)
- 961048 Rocky Linux Security Update for nghttp2 (RLSA-2023:5838)
- 961049 Rocky Linux Security Update for nodejs:16 (RLSA-2023:5850)
- 961050 Rocky Linux Security Update for tomcat (RLSA-2023:5928)
- 961053 Rocky Linux Security Update for nodejs (RLSA-2023:5765)
- 961055 Rocky Linux Security Update for varnish (RLSA-2023:5989)
- 961056 Rocky Linux Security Update for grafana (RLSA-2023:5863)
- 961058 Rocky Linux Security Update for go-toolset and golang (RLSA-2023:5738)
- 961059 Rocky Linux Security Update for varnish (RLSA-2023:5924)
- 961060 Rocky Linux Security Update for .NET (RLSA-2023:5749)
- 961061 Rocky Linux Security Update for dotnet6.0 (RLSA-2023:5708)
- 961063 Rocky Linux Security Update for go-toolset:rhel8 (RLSA-2023:5721)
- 961064 Rocky Linux Security Update for nginx:1.22 (RLSA-2023:6120)
- 961065 Rocky Linux Security Update for Satellite (RLSA-2023:6818)
- 961071 Rocky Linux Security Update for toolbox (RLSA-2023:6077)
- 961072 Rocky Linux Security Update for nghttp2 (RLSA-2023:6746)
- 961085 Rocky Linux Security Update for nodejs:20 (RLSA-2023:7205)
- 961141 Rocky Linux Security Update for nodejs:16 (RLSA-2024:1444)
- 995570 GO (Go) Security Update for golang.org/x/net (GHSA-qppj-fm5r-hxr3)
- 996444 Java (Maven) Security Update for golang.org/x/net (GHSA-qppj-fm5r-hxr3)