Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Remediation

References

CVE-2023-44487

Related Vulnerabilities

PHP Other Vulnerability (CVE-2006-1014)

WordPress Plugin WP-FaceThumb Cross-Site Scripting (1.0)

WordPress Plugin Stock Ticker Security Bypass (3.23.0)

Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25608)

WordPress Plugin Skype Legacy Buttons Multiple Vulnerabilities (3.0.4)

Severity

High

Classification

CVE-2023-44487 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities