English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.170598
Kategorie:Web Servers
Titel:Apache Tomcat Multiple Vulnerabilities (Oct 2023) - Windows
Zusammenfassung:Apache Tomcat is prone to multiple vulnerabilities.
Beschreibung:Summary:
Apache Tomcat is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2023-42795: When recycling various internal objects, including the request and the response,
prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the
recycling process leading to information leaking from the current request/response to the next.

- CVE-2023-44487: HTTP/2 rapid reset attack

- CVE-2023-45648: A specially crafted, invalid trailer header could cause Tomcat to treat a single
request as multiple requests leading to the possibility of request smuggling when behind a reverse
proxy.

Affected Software/OS:
Apache Tomcat versions 8.5.0 through 8.5.93, 9.0.0-M1 through
9.0.80, 10.0.0 through 10.1.13 and 11.0.0-M1 through 11.0.0-M11.

Solution:
Update to version 8.5.94, 9.0.81, 10.1.14, 11.0.0-M12 or
later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-42795
Debian Security Information: DSA-5521 (Google Search)
https://www.debian.org/security/2023/dsa-5521
Debian Security Information: DSA-5522 (Google Search)
https://www.debian.org/security/2023/dsa-5522
https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
http://www.openwall.com/lists/oss-security/2023/10/10/9
Common Vulnerability Exposure (CVE) ID: CVE-2023-44487
Debian Security Information: DSA-5540 (Google Search)
https://www.debian.org/security/2023/dsa-5540
Debian Security Information: DSA-5549 (Google Search)
https://www.debian.org/security/2023/dsa-5549
Debian Security Information: DSA-5558 (Google Search)
https://www.debian.org/security/2023/dsa-5558
Debian Security Information: DSA-5570 (Google Search)
https://www.debian.org/security/2023/dsa-5570
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
https://security.gentoo.org/glsa/202311-09
https://access.redhat.com/security/cve/cve-2023-44487
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
https://blog.vespa.ai/cve-2023-44487/
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://github.com/akka/akka-http/issues/4323
https://github.com/apache/apisix/issues/10320
https://github.com/apache/httpd-site/pull/10
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
https://github.com/etcd-io/etcd/issues/16740
https://github.com/junkurihara/rust-rpxy/issues/97
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
https://github.com/kazu-yamamoto/http2/issues/93
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/line/armeria/pull/5232
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
https://github.com/ninenines/cowboy/issues/1615
https://github.com/openresty/openresty/issues/930
https://github.com/opensearch-project/data-prepper/issues/3474
https://github.com/oqtane/oqtane.framework/discussions/3367
https://github.com/projectcontour/contour/pull/5826
https://github.com/tempesta-tech/tempesta/issues/1986
https://github.com/varnishcache/varnish-cache/issues/3996
https://istio.io/latest/news/security/istio-security-2023-004/
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://news.ycombinator.com/item?id=37837043
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
https://security.paloaltonetworks.com/CVE-2023-44487
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
https://ubuntu.com/security/CVE-2023-44487
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
https://www.openwall.com/lists/oss-security/2023/10/10/6
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
https://github.com/apache/trafficserver/pull/10564
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/caddyserver/caddy/issues/5877
https://github.com/dotnet/announcements/issues/277
https://github.com/eclipse/jetty.project/issues/10679
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/facebook/proxygen/pull/466
https://github.com/golang/go/issues/63417
https://github.com/grpc/grpc-go/pull/6703
https://github.com/h2o/h2o/pull/3291
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
https://github.com/haproxy/haproxy/issues/2312
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
https://github.com/micrictor/http2-rst-stream
https://github.com/microsoft/CBL-Mariner/pull/6381
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://github.com/nodejs/node/pull/50121
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
https://my.f5.com/manage/s/article/K000137106
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://news.ycombinator.com/item?id=37831062
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
http://www.openwall.com/lists/oss-security/2023/10/13/4
http://www.openwall.com/lists/oss-security/2023/10/13/9
http://www.openwall.com/lists/oss-security/2023/10/18/8
http://www.openwall.com/lists/oss-security/2023/10/18/4
http://www.openwall.com/lists/oss-security/2023/10/19/6
http://www.openwall.com/lists/oss-security/2023/10/20/8
Common Vulnerability Exposure (CVE) ID: CVE-2023-45648
https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp
http://www.openwall.com/lists/oss-security/2023/10/10/10
CopyrightCopyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.