CVE-2023-44487

Vulnerability updated a month ago (2024-11-29T13:35:22.148Z)
CVE-2023-44487 is a high-severity vulnerability in web servers that support HTTP/2. It allows threat actors to abuse the protocol's 'stream multiplexing' feature: an attacker sends repeated requests and cancels them immediately, producing a 'Rapid Reset' attack that causes Denial of Service (DoS). The vulnerability was made public in October 2023 and has been linked to a surge in hyper-volumetric attacks, driven by a sophisticated and persistent DDoS campaign that exploited it.

CVE-2023-44487 was one of three zero-day vulnerabilities addressed by Microsoft in its October update cycle. The other two were an elevation-of-privilege flaw in Skype for Business (CVE-2023-41763) and an information disclosure bug in WordPad (CVE-2023-36563). CVE-2023-44487 stood out because it enabled a new Distributed Denial-of-Service (DDoS) attack technique named "HTTP/2 Rapid Reset". In response, Microsoft released updates to the Visual Studio development platform excluding the Mitre Rapid Reset issue.

Reports indicated that a remote attacker could send specially crafted requests to exploit the vulnerability in an attempt to carry out "Rapid Reset" distributed denial-of-service (DDoS) attacks, which contributed significantly to the rise in hyper-volumetric attacks. To mitigate this threat, Check Point IPS provides protection against this specific type of DDoS attack.
Description last updated: 2024-05-04T16:08:29.702Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Http/2 Rapid Reset is a possible alias for CVE-2023-44487. The HTTP/2 Rapid Reset is a software vulnerability (CVE-2023-44487) that was discovered during testing and later disclosed by Cloudflare. This flaw in the design or implementation of HTTP/2 protocol allows for a type of Distributed Denial-of-Service (DDoS) attack, specifically at layer 7. The vulner | 6
Rapid Reset is a possible alias for CVE-2023-44487. The Rapid Reset vulnerability, officially designated as CVE-2023-44487, is a flaw in software design or implementation that allows for a unique form of Distributed Denial of Service (DDoS) attack. An attacker can exploit this vulnerability by sending a sequence of compressed HEADERS frames followed | 4
CVE-2023-41763 is a possible alias for CVE-2023-44487. CVE-2023-41763 is a significant software vulnerability, identified as an elevation of privilege flaw, found within Microsoft's Skype for Business. This zero-day vulnerability allows malicious actors to gain unauthorized access and control over affected systems, posing a severe risk to the integrity, | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Microsoft
Zero Day
Exploit
Google
Cloudflare
Denial of Se...
Skype
Associated Vulnerabilities
Alias Description | Association Type | Votes
The CVE-2023-36563 Vulnerability is associated with CVE-2023-44487. CVE-2023-36563 is a critical information disclosure vulnerability discovered in Microsoft WordPad. The flaw, categorized as a zero-day bug, was one of the twelve vulnerabilities rated as 'Critical' among 104 issues addressed by Microsoft. The vulnerability was exploited actively in the wild, affecti | Unspecified | 3