English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.13.2023.284.02
Categoría:Slackware Local Security Checks
Título:Slackware: Security Advisory (SSA:2023-284-02)
Resumen:The remote host is missing an update for the 'nghttp2' package(s) announced via the SSA:2023-284-02 advisory.
Descripción:Summary:
The remote host is missing an update for the 'nghttp2' package(s) announced via the SSA:2023-284-02 advisory.

Vulnerability Insight:
New nghttp2 packages are available for Slackware 15.0 and -current to
fix a security issue.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/nghttp2-1.57.0-i586-1_slack15.0.txz: Upgraded.
This release has a fix to mitigate the HTTP/2 Rapid Reset vulnerability.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'nghttp2' package(s) on Slackware 15.0, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-44487
Debian Security Information: DSA-5521 (Google Search)
https://www.debian.org/security/2023/dsa-5521
Debian Security Information: DSA-5522 (Google Search)
https://www.debian.org/security/2023/dsa-5522
Debian Security Information: DSA-5540 (Google Search)
https://www.debian.org/security/2023/dsa-5540
Debian Security Information: DSA-5549 (Google Search)
https://www.debian.org/security/2023/dsa-5549
Debian Security Information: DSA-5558 (Google Search)
https://www.debian.org/security/2023/dsa-5558
Debian Security Information: DSA-5570 (Google Search)
https://www.debian.org/security/2023/dsa-5570
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
https://security.gentoo.org/glsa/202311-09
https://access.redhat.com/security/cve/cve-2023-44487
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
https://blog.vespa.ai/cve-2023-44487/
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://github.com/akka/akka-http/issues/4323
https://github.com/apache/apisix/issues/10320
https://github.com/apache/httpd-site/pull/10
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
https://github.com/etcd-io/etcd/issues/16740
https://github.com/junkurihara/rust-rpxy/issues/97
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
https://github.com/kazu-yamamoto/http2/issues/93
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/line/armeria/pull/5232
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
https://github.com/ninenines/cowboy/issues/1615
https://github.com/openresty/openresty/issues/930
https://github.com/opensearch-project/data-prepper/issues/3474
https://github.com/oqtane/oqtane.framework/discussions/3367
https://github.com/projectcontour/contour/pull/5826
https://github.com/tempesta-tech/tempesta/issues/1986
https://github.com/varnishcache/varnish-cache/issues/3996
https://istio.io/latest/news/security/istio-security-2023-004/
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://news.ycombinator.com/item?id=37837043
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
https://security.paloaltonetworks.com/CVE-2023-44487
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
https://ubuntu.com/security/CVE-2023-44487
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
https://www.openwall.com/lists/oss-security/2023/10/10/6
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
https://github.com/apache/trafficserver/pull/10564
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/caddyserver/caddy/issues/5877
https://github.com/dotnet/announcements/issues/277
https://github.com/eclipse/jetty.project/issues/10679
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/facebook/proxygen/pull/466
https://github.com/golang/go/issues/63417
https://github.com/grpc/grpc-go/pull/6703
https://github.com/h2o/h2o/pull/3291
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
https://github.com/haproxy/haproxy/issues/2312
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
https://github.com/micrictor/http2-rst-stream
https://github.com/microsoft/CBL-Mariner/pull/6381
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://github.com/nodejs/node/pull/50121
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
https://my.f5.com/manage/s/article/K000137106
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://news.ycombinator.com/item?id=37831062
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
http://www.openwall.com/lists/oss-security/2023/10/13/4
http://www.openwall.com/lists/oss-security/2023/10/13/9
http://www.openwall.com/lists/oss-security/2023/10/18/8
http://www.openwall.com/lists/oss-security/2023/10/18/4
http://www.openwall.com/lists/oss-security/2023/10/19/6
http://www.openwall.com/lists/oss-security/2023/10/20/8
CopyrightCopyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.