IT security expert company: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2023-44487

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

POC

Reference

- https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

- https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/

- https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/

- https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack

- https://github.com/Azure/AKS/issues/3947

- https://github.com/advisories/GHSA-qppj-fm5r-hxr3

- https://github.com/akka/akka-http/issues/4323

- https://github.com/alibaba/tengine/issues/1872

- https://github.com/apache/apisix/issues/10320

- https://github.com/apache/httpd-site/pull/10

- https://github.com/apache/trafficserver/pull/10564

- https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487

- https://github.com/caddyserver/caddy/issues/5877

- https://github.com/eclipse/jetty.project/issues/10679

- https://github.com/envoyproxy/envoy/pull/30055

- https://github.com/etcd-io/etcd/issues/16740

- https://github.com/facebook/proxygen/pull/466

- https://github.com/golang/go/issues/63417

- https://github.com/grpc/grpc-go/pull/6703

- https://github.com/h2o/h2o/pull/3291

- https://github.com/haproxy/haproxy/issues/2312

- https://github.com/kazu-yamamoto/http2/issues/93

- https://github.com/kubernetes/kubernetes/pull/121120

- https://github.com/line/armeria/pull/5232

- https://github.com/micrictor/http2-rst-stream

- https://github.com/microsoft/CBL-Mariner/pull/6381

- https://github.com/nghttp2/nghttp2/pull/1961

- https://github.com/ninenines/cowboy/issues/1615

- https://github.com/nodejs/node/pull/50121

- https://github.com/openresty/openresty/issues/930

- https://github.com/opensearch-project/data-prepper/issues/3474

- https://github.com/projectcontour/contour/pull/5826

- https://github.com/tempesta-tech/tempesta/issues/1986

- https://github.com/varnishcache/varnish-cache/issues/3996

- https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event

- https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack

- https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/

- https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause

Github

- https://github.com/0xMarcio/cve

- https://github.com/11notes/docker-github-runner

- https://github.com/11notes/docker-paperless-ngx

- https://github.com/20142995/nuclei-templates

- https://github.com/8-cm/kube-dump

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/AlexRogalskiy/AlexRogalskiy

- https://github.com/Andromeda254/cve

- https://github.com/Arnabdaz/CVE-Search-MCP

- https://github.com/Austnez/tools

- https://github.com/Ayesha86527/Vulnerigence

- https://github.com/BMG-Black-Magic/CVE-2023-44487

- https://github.com/ByteHackr/CVE-2023-44487

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Christian-sudo945/h2-rapid-reset

- https://github.com/CyberSecAI/cve_info_refs_crawler

- https://github.com/Dhruv3215/Task---3-Elevate-labs-vulnerability-scan

- https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh

- https://github.com/GhostTroops/TOP

- https://github.com/Green-Ace/practice_2024

- https://github.com/Green-Ace/test

- https://github.com/Howard375/http2_rapid_reset

- https://github.com/Ja4mine/cve_management

- https://github.com/Millen93/HTTP-2.0-Rapid-Reset-Attack-Laboratory

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/R0X4R/Indra

- https://github.com/R0X4R/indraa

- https://github.com/ReToCode/golang-CVE-2023-44487

- https://github.com/SiteQ8/ThreatMapper

- https://github.com/SohaibBaloch978/FutureIntern_CYS_02

- https://github.com/SourcePointSecurity/SwampScan

- https://github.com/Starsh82/ProfHW7

- https://github.com/TYuan0816/cve-2023-44487

- https://github.com/XiangTrong/http2-rapid-client

- https://github.com/ZonghaoLi777/githubTrending

- https://github.com/abegorov/linux10

- https://github.com/abegorov/linux10_rpm

- https://github.com/aerospike-managed-cloud-services/flb-output-gcs

- https://github.com/alex-grandson/docker-python-example

- https://github.com/aneasystone/github-trending

- https://github.com/aulauniversal/CVE-2023-44487

- https://github.com/b6421582/NetHammer

- https://github.com/bartvoet/assignment-ehb-security-review-adamlenez

- https://github.com/bcdannyboy/CVE-2023-44487

- https://github.com/boardwalkjoe/cve-security-check

- https://github.com/buybitart/bitcoinart

- https://github.com/buybitart/cloudflare-security-art

- https://github.com/cyb3r-w0lf/nuclei-template-collection

- https://github.com/danielkec/rapid-reset

- https://github.com/drewtwitchell/scancompare

- https://github.com/dygma0/dygma0

- https://github.com/fankun99/baicuan

- https://github.com/felipecruz91/high-profile-demo

- https://github.com/fkie-cad/nvd-json-data-feeds

- https://github.com/ge-wijayanto/http2-rapid-reset-validator

- https://github.com/giterlizzi/secdb-feeds

- https://github.com/glkfc/CVE_Reproduce

- https://github.com/gmh5225/CVE_2023_44487-Rapid_Reset

- https://github.com/h4ckm1n-dev/report-test

- https://github.com/h7ml/h7ml

- https://github.com/hktalent/TOP

- https://github.com/imabee101/CVE-2023-44487

- https://github.com/irgoncalves/awesome-security-articles

- https://github.com/jafshare/GithubTrending

- https://github.com/jamiesmith/portfolio

- https://github.com/johe123qwe/github-trending

- https://github.com/jrg1a/tools

- https://github.com/juev/links

- https://github.com/knabben/dos-poc

- https://github.com/kobutton/redhat-cve-fix-checker

- https://github.com/kyverno/policy-reporter-plugins

- https://github.com/lucasdbr05/http2-rapid-reset-attack-simulation

- https://github.com/lucasrod16/exploitlens

- https://github.com/m00dy/r4p1d-r3s3t

- https://github.com/madhusudhan-in/CVE_2023_44487-Rapid_Reset

- https://github.com/malinkamedok/devops_sandbox

- https://github.com/mcdaqc/vulnerability-intelligence-diagrammatic-reasoning

- https://github.com/micrictor/http2-rst-stream

- https://github.com/moften/CVE-2022-41741-742-Nginx-Vulnerability-Scanner

- https://github.com/moften/CVE-2022-4174_CVE-2022-41742

- https://github.com/moften/CVE-2023-44487-HTTP-2-Rapid-Reset-Attack

- https://github.com/moften/CVE-2025-8671-MadeYouReset-HTTP-2-DDoS

- https://github.com/mooowu/mooowu

- https://github.com/n3th4ck3rx/cvequery

- https://github.com/ndrscodes/http2-rst-stream-attacker

- https://github.com/nics-tw/sbom2vans

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nvdg2/http2RapidReset

- https://github.com/nxenon/cve-2023-44487

- https://github.com/opekk/zadanie2-weather-app

- https://github.com/oscerd/nice-cve-poc

- https://github.com/ozanunal0/viper

- https://github.com/pabloec20/rapidreset

- https://github.com/pinoyvendetta/pv-nodejs-layer-7

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/poikl246/DevSecOps-2024-v2

- https://github.com/psibirenko-svg/ALP-tutorial

- https://github.com/ramonzx6/http-script-json

- https://github.com/rezayw/boogey

- https://github.com/runwhen-contrib/helm-charts

- https://github.com/rxerium/stars

- https://github.com/scottyplex/Get-CVE

- https://github.com/scottyplex/Get-OVAL

- https://github.com/seal-community/patches

- https://github.com/secengjeff/rapidresetclient

- https://github.com/sigridou/CVE-2023-44487-

- https://github.com/smartcow99/docker-security-check-using-trivy

- https://github.com/stargazeengineer/Combining_anomaly_detection_and_machine_learning_to_prevent_DDoS_attacks

- https://github.com/stargazeengineer/Performance-Analysis-of-DDoS-Attack-Detection-Based-on-Machine-Learning-Algorithms

- https://github.com/studiogangster/CVE-2023-44487

- https://github.com/tanjiti/sec_profile

- https://github.com/terrorist/HTTP-2-Rapid-Reset-Client

- https://github.com/testing-felickz/docker-scout-demo

- https://github.com/threatlabindonesia/CVE-2023-44487-HTTP-2-Rapid-Reset-Exploit-PoC

- https://github.com/tomtang77/sec-8b-instruct

- https://github.com/track9alway/Terminus

- https://github.com/wolfc/snakeinmyboot

- https://github.com/wskvfhprrk/FOMO-pay

- https://github.com/xLanStar/http2-rapid-reset-test

- https://github.com/ytono/gcp-arcade

- https://github.com/zanks08/cve-2023-44487-demo

- https://github.com/zanks08/zanks08

- https://github.com/zengzzzzz/golang-trending-archive

- https://github.com/zhaohuabing/cve-agent

- https://github.com/zhaoolee/garss

- https://github.com/zulloper/cve-poc