CVEFinder.io

CVE-2023-44487

⚠️ high
Summary

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS Score
7.5
High
EPSS Score
94.4
Exploit Probability
Published Date
2023-10-10
First Seen: 2026-01-05
Last Modified 2025-11-07
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-400

🔗 References 287

http://www.openwall.com/lists/oss-security/2023/10/10/6
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/10/7
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/4
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/9
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/4
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/19/6
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8
Mailing List Third Party Advisory
https://access.redhat.com/security/cve/cve-2023-44487
Vendor Advisory
https://arstechnica.com/security/2023/10/how-ddosers...
Press/Media Coverage Third Party Advisory
https://aws.amazon.com/security/security-bulletins/A...
Third Party Advisory
https://blog.cloudflare.com/technical-breakdown-http...
Technical Description Vendor Advisory
https://blog.cloudflare.com/zero-day-rapid-reset-htt...
Third Party Advisory Vendor Advisory
https://blog.litespeedtech.com/2023/10/11/rapid-rese...
Vendor Advisory
https://blog.qualys.com/vulnerabilities-threat-resea...
Press/Media Coverage Third Party Advisory
https://blog.vespa.ai/cve-2023-44487/
Vendor Advisory
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
Issue Tracking Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1216123
Issue Tracking Vendor Advisory
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c...
Mailing List Patch Vendor Advisory
https://cloud.google.com/blog/products/identity-secu...
Technical Description Vendor Advisory
https://cloud.google.com/blog/products/identity-secu...
Technical Description Vendor Advisory
https://community.traefik.io/t/is-traefik-vulnerable...
Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-...
Third Party Advisory
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tal...
Broken Link
https://forums.swift.org/t/swift-nio-http2-security-...
Vendor Advisory
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e1...
Issue Tracking Patch
https://github.com/Azure/AKS/issues/3947
Issue Tracking
https://github.com/Kong/kong/discussions/11741
Issue Tracking
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
Vendor Advisory
https://github.com/advisories/GHSA-vx74-f528-fxqg
Mitigation Patch Vendor Advisory
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
Patch Vendor Advisory
https://github.com/akka/akka-http/issues/4323
Issue Tracking
https://github.com/alibaba/tengine/issues/1872
Issue Tracking
https://github.com/apache/apisix/issues/10320
Issue Tracking
https://github.com/apache/httpd-site/pull/10
Issue Tracking
https://github.com/apache/httpd/blob/afcdbeebbff4b0c...
Product
https://github.com/apache/tomcat/tree/main/java/org/...
Product Third Party Advisory
https://github.com/apache/trafficserver/pull/10564
Issue Tracking Patch
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
Vendor Advisory
https://github.com/bcdannyboy/CVE-2023-44487
Third Party Advisory
https://github.com/caddyserver/caddy/issues/5877
Issue Tracking Vendor Advisory
https://github.com/caddyserver/caddy/releases/tag/v2...
Release Notes Third Party Advisory
https://github.com/dotnet/announcements/issues/277
Issue Tracking Mitigation Vendor Advisory
https://github.com/dotnet/core/blob/e4613450ea0da7fd...
Product Release Notes
https://github.com/eclipse/jetty.project/issues/10679
Issue Tracking
https://github.com/envoyproxy/envoy/pull/30055
Issue Tracking Patch
https://github.com/etcd-io/etcd/issues/16740
Issue Tracking Patch
https://github.com/facebook/proxygen/pull/466
Issue Tracking Patch
https://github.com/golang/go/issues/63417
Issue Tracking
https://github.com/grpc/grpc-go/pull/6703
Issue Tracking Patch
https://github.com/grpc/grpc/releases/tag/v1.59.2
Mailing List
https://github.com/h2o/h2o/pull/3291
Issue Tracking Patch
https://github.com/h2o/h2o/security/advisories/GHSA-...
Vendor Advisory
https://github.com/haproxy/haproxy/issues/2312
Issue Tracking
https://github.com/icing/mod_h2/blob/0a864782af0a942...
Product
https://github.com/junkurihara/rust-rpxy/issues/97
Issue Tracking
https://github.com/kazu-yamamoto/http2/commit/f61d41...
Patch
https://github.com/kazu-yamamoto/http2/issues/93
Issue Tracking
https://github.com/kubernetes/kubernetes/pull/121120
Issue Tracking Patch
https://github.com/line/armeria/pull/5232
Issue Tracking Patch
https://github.com/linkerd/website/pull/1695/commits...
Patch
https://github.com/micrictor/http2-rst-stream
Exploit Third Party Advisory
https://github.com/microsoft/CBL-Mariner/pull/6381
Issue Tracking Patch
https://github.com/netty/netty/commit/58f75f665aa81a...
Patch
https://github.com/nghttp2/nghttp2/pull/1961
Issue Tracking Patch
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
Release Notes
https://github.com/ninenines/cowboy/issues/1615
Issue Tracking
https://github.com/nodejs/node/pull/50121
Issue Tracking
https://github.com/openresty/openresty/issues/930
Issue Tracking
https://github.com/opensearch-project/data-prepper/i...
Issue Tracking Patch
https://github.com/oqtane/oqtane.framework/discussio...
Issue Tracking
https://github.com/projectcontour/contour/pull/5826
Issue Tracking Patch
https://github.com/tempesta-tech/tempesta/issues/1986
Issue Tracking
https://github.com/varnishcache/varnish-cache/issues...
Issue Tracking
https://groups.google.com/g/golang-announce/c/iNNxDT...
Mailing List Release Notes Vendor Advisory
https://istio.io/latest/news/security/istio-security...
Vendor Advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
Vendor Advisory
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o4...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/11...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/11...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.w3.org/Archives/Public/ietf-http-wg/20...
Mailing List Third Party Advisory
https://mailman.nginx.org/pipermail/nginx-devel/2023...
Mailing List Patch Third Party Advisory
https://martinthomson.github.io/h2-stream-limits/dra...
Third Party Advisory
https://msrc.microsoft.com/blog/2023/10/microsoft-re...
Patch Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerabilit...
Mitigation Patch Vendor Advisory
https://my.f5.com/manage/s/article/K000137106
Vendor Advisory
https://netty.io/news/2023/10/10/4-1-100-Final.html
Release Notes Vendor Advisory
https://news.ycombinator.com/item?id=37830987
Issue Tracking
https://news.ycombinator.com/item?id=37830998
Issue Tracking Press/Media Coverage
https://news.ycombinator.com/item?id=37831062
Issue Tracking
https://news.ycombinator.com/item?id=37837043
Issue Tracking
https://openssf.org/blog/2023/10/10/http-2-rapid-res...
Third Party Advisory
https://seanmonstar.com/post/730794151136935936/hype...
Third Party Advisory
https://sec.cloudapps.cisco.com/security/center/cont...
Vendor Advisory
https://security.gentoo.org/glsa/202311-09
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231016-0...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240426-0...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0...
Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0...
Third Party Advisory
https://security.paloaltonetworks.com/CVE-2023-44487
Vendor Advisory
https://tomcat.apache.org/security-10.html#Fixed_in_...
Release Notes
https://ubuntu.com/security/CVE-2023-44487
Vendor Advisory
https://www.bleepingcomputer.com/news/security/new-h...
Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/10/10/h...
Third Party Advisory US Government Resource
https://www.darkreading.com/cloud/internet-wide-zero...
Press/Media Coverage Third Party Advisory
https://www.debian.org/security/2023/dsa-5521
Mailing List Vendor Advisory
https://www.debian.org/security/2023/dsa-5522
Mailing List Vendor Advisory
https://www.debian.org/security/2023/dsa-5540
Mailing List Third Party Advisory
https://www.debian.org/security/2023/dsa-5549
Mailing List Third Party Advisory
https://www.debian.org/security/2023/dsa-5558
Mailing List Third Party Advisory
https://www.debian.org/security/2023/dsa-5570
Third Party Advisory
https://www.haproxy.com/blog/haproxy-is-not-affected...
Third Party Advisory Vendor Advisory
https://www.netlify.com/blog/netlify-successfully-mi...
Vendor Advisory
https://www.nginx.com/blog/http-2-rapid-reset-attack...
Mitigation Vendor Advisory
https://www.openwall.com/lists/oss-security/2023/10/...
Mailing List Third Party Advisory
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
Press/Media Coverage
https://www.theregister.com/2023/10/10/http2_rapid_r...
Press/Media Coverage Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/4
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/13/9
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/4
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/19/6
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/08/13/6
Third Party Advisory
https://access.redhat.com/security/cve/cve-2023-44487
Vendor Advisory
https://arstechnica.com/security/2023/10/how-ddosers...
Press/Media Coverage Third Party Advisory
https://aws.amazon.com/security/security-bulletins/A...
Third Party Advisory
https://blog.cloudflare.com/technical-breakdown-http...
Technical Description Vendor Advisory
https://blog.cloudflare.com/zero-day-rapid-reset-htt...
Third Party Advisory Vendor Advisory
https://blog.litespeedtech.com/2023/10/11/rapid-rese...
Vendor Advisory
https://blog.qualys.com/vulnerabilities-threat-resea...
Press/Media Coverage Third Party Advisory
https://blog.vespa.ai/cve-2023-44487/
Vendor Advisory
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
Issue Tracking Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1216123
Issue Tracking Vendor Advisory
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c...
Mailing List Patch Vendor Advisory
https://cloud.google.com/blog/products/identity-secu...
Technical Description Vendor Advisory
https://cloud.google.com/blog/products/identity-secu...
Technical Description Vendor Advisory
https://community.traefik.io/t/is-traefik-vulnerable...
Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-...
Third Party Advisory
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tal...
Broken Link
https://forums.swift.org/t/swift-nio-http2-security-...
Vendor Advisory
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e1...
Issue Tracking Patch
https://github.com/Azure/AKS/issues/3947
Issue Tracking
https://github.com/Kong/kong/discussions/11741
Issue Tracking
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
Vendor Advisory
https://github.com/advisories/GHSA-vx74-f528-fxqg
Mitigation Patch Vendor Advisory
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
Patch Vendor Advisory
https://github.com/akka/akka-http/issues/4323
Issue Tracking
https://github.com/alibaba/tengine/issues/1872
Issue Tracking
https://github.com/apache/apisix/issues/10320
Issue Tracking
https://github.com/apache/httpd-site/pull/10
Issue Tracking
https://github.com/apache/httpd/blob/afcdbeebbff4b0c...
Product
https://github.com/apache/tomcat/tree/main/java/org/...
Product Third Party Advisory
https://github.com/apache/trafficserver/pull/10564
Issue Tracking Patch
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
Vendor Advisory
https://github.com/bcdannyboy/CVE-2023-44487
Third Party Advisory
https://github.com/caddyserver/caddy/issues/5877
Issue Tracking Vendor Advisory
https://github.com/caddyserver/caddy/releases/tag/v2...
Release Notes Third Party Advisory
https://github.com/dotnet/announcements/issues/277
Issue Tracking Mitigation Vendor Advisory
https://github.com/dotnet/core/blob/e4613450ea0da7fd...
Product Release Notes
https://github.com/eclipse/jetty.project/issues/10679
Issue Tracking
https://github.com/envoyproxy/envoy/pull/30055
Issue Tracking Patch
https://github.com/etcd-io/etcd/issues/16740
Issue Tracking Patch
https://github.com/facebook/proxygen/pull/466
Issue Tracking Patch
https://github.com/golang/go/issues/63417
Issue Tracking
https://github.com/grpc/grpc-go/pull/6703
Issue Tracking Patch
https://github.com/h2o/h2o/pull/3291
Issue Tracking Patch
https://github.com/h2o/h2o/security/advisories/GHSA-...
Vendor Advisory
https://github.com/haproxy/haproxy/issues/2312
Issue Tracking
https://github.com/icing/mod_h2/blob/0a864782af0a942...
Product
https://github.com/junkurihara/rust-rpxy/issues/97
Issue Tracking
https://github.com/kazu-yamamoto/http2/commit/f61d41...
Patch
https://github.com/kazu-yamamoto/http2/issues/93
Issue Tracking
https://github.com/kubernetes/kubernetes/pull/121120
Issue Tracking Patch
https://github.com/line/armeria/pull/5232
Issue Tracking Patch
https://github.com/linkerd/website/pull/1695/commits...
Patch
https://github.com/micrictor/http2-rst-stream
Exploit Third Party Advisory
https://github.com/microsoft/CBL-Mariner/pull/6381
Issue Tracking Patch
https://github.com/netty/netty/commit/58f75f665aa81a...
Patch
https://github.com/nghttp2/nghttp2/pull/1961
Issue Tracking Patch
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
Release Notes
https://github.com/ninenines/cowboy/issues/1615
Issue Tracking
https://github.com/nodejs/node/pull/50121
Issue Tracking
https://github.com/openresty/openresty/issues/930
Issue Tracking
https://github.com/opensearch-project/data-prepper/i...
Issue Tracking Patch
https://github.com/oqtane/oqtane.framework/discussio...
Issue Tracking
https://github.com/projectcontour/contour/pull/5826
Issue Tracking Patch
https://github.com/tempesta-tech/tempesta/issues/1986
Issue Tracking
https://github.com/varnishcache/varnish-cache/issues...
Issue Tracking
https://groups.google.com/g/golang-announce/c/iNNxDT...
Mailing List Release Notes Vendor Advisory
https://istio.io/latest/news/security/istio-security...
Vendor Advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
Vendor Advisory
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o4...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/10...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/11...
Mailing List
https://lists.debian.org/debian-lts-announce/2023/11...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://lists.fedoraproject.org/archives/list/packag...
Mailing List Third Party Advisory
https://lists.w3.org/Archives/Public/ietf-http-wg/20...
Mailing List Third Party Advisory
https://mailman.nginx.org/pipermail/nginx-devel/2023...
Mailing List Patch Third Party Advisory
https://martinthomson.github.io/h2-stream-limits/dra...
Third Party Advisory
https://msrc.microsoft.com/blog/2023/10/microsoft-re...
Patch Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerabilit...
Mitigation Patch Vendor Advisory
https://my.f5.com/manage/s/article/K000137106
Vendor Advisory
https://netty.io/news/2023/10/10/4-1-100-Final.html
Release Notes Vendor Advisory
https://news.ycombinator.com/item?id=37830987
Issue Tracking
https://news.ycombinator.com/item?id=37830998
Issue Tracking Press/Media Coverage
https://news.ycombinator.com/item?id=37831062
Issue Tracking
https://news.ycombinator.com/item?id=37837043
Issue Tracking
https://openssf.org/blog/2023/10/10/http-2-rapid-res...
Third Party Advisory
https://seanmonstar.com/post/730794151136935936/hype...
Third Party Advisory
https://security.gentoo.org/glsa/202311-09
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231016-0...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240426-0...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0...
Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0...
Third Party Advisory
https://security.paloaltonetworks.com/CVE-2023-44487
Vendor Advisory
https://tomcat.apache.org/security-10.html#Fixed_in_...
Release Notes
https://ubuntu.com/security/CVE-2023-44487
Vendor Advisory
https://www.bleepingcomputer.com/news/security/new-h...
Third Party Advisory
https://www.cisa.gov/news-events/alerts/2023/10/10/h...
Third Party Advisory US Government Resource
https://www.darkreading.com/cloud/internet-wide-zero...
Press/Media Coverage Third Party Advisory
https://www.debian.org/security/2023/dsa-5521
Mailing List Vendor Advisory
https://www.debian.org/security/2023/dsa-5522
Mailing List Vendor Advisory
https://www.debian.org/security/2023/dsa-5540
Mailing List Third Party Advisory
https://www.debian.org/security/2023/dsa-5549
Mailing List Third Party Advisory
https://www.debian.org/security/2023/dsa-5558
Mailing List Third Party Advisory
https://www.debian.org/security/2023/dsa-5570
Third Party Advisory
https://www.haproxy.com/blog/haproxy-is-not-affected...
Third Party Advisory Vendor Advisory
https://www.netlify.com/blog/netlify-successfully-mi...
Vendor Advisory
https://www.nginx.com/blog/http-2-rapid-reset-attack...
Mitigation Vendor Advisory
https://www.openwall.com/lists/oss-security/2023/10/...
Mailing List Third Party Advisory
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
Press/Media Coverage
https://www.theregister.com/2023/10/10/http2_rapid_r...
Press/Media Coverage Third Party Advisory
https://www.vicarius.io/vsociety/posts/rapid-reset-c...
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
US Government Resource

📦 Affected Products 276

Vendor Product Status Affected Versions
apache tomcat Affected
≥ 10.1.0 ≤ 10.1.13
apache tomcat Affected
≥ 8.5.0 ≤ 8.5.93
apache tomcat Affected
≥ 9.0.0 ≤ 9.0.80
apache tomcat Affected
v11.0.0
cisco ios_xr Affected
< 7.11.2
cisco unified_contact_center_enterprise Affected
v-
debian debian_linux Affected
v10.0
debian debian_linux Affected
v11.0
debian debian_linux Affected
v12.0
f5 big-ip_local_traffic_manager Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_local_traffic_manager Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_local_traffic_manager Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_local_traffic_manager Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_local_traffic_manager Affected
v17.1.0
redhat enterprise_linux Affected
v6.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
fedoraproject fedora Affected
v37
fedoraproject fedora Affected
v38
cisco ios_xe Affected
< 17.15.1
cisco nx-os Affected
< 10.2\(7\)
cisco nx-os Affected
≥ 10.3\(1\) < 10.3\(5\)
cisco nx-os Affected
≥ 10.4\(1\) < 10.4\(2\)
redhat jboss_enterprise_application_platform Affected
v6.0.0
redhat jboss_enterprise_application_platform Affected
v7.0.0
apache traffic_server Affected
≥ 8.0.0 < 8.1.9
apache traffic_server Affected
≥ 9.0.0 < 9.2.3
cisco telepresence_video_communication_server Affected
< x14.3.3
f5 big-ip_global_traffic_manager Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_global_traffic_manager Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_global_traffic_manager Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_global_traffic_manager Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_global_traffic_manager Affected
v17.1.0
f5 big-ip_application_security_manager Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_application_security_manager Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_application_security_manager Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_application_security_manager Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_application_security_manager Affected
v17.1.0
redhat openshift Affected
v-
cisco prime_infrastructure Affected
< 3.10.4
f5 big-ip_access_policy_manager Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_access_policy_manager Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_access_policy_manager Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_access_policy_manager Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_access_policy_manager Affected
v17.1.0
redhat jboss_fuse Affected
v6.0.0
redhat jboss_fuse Affected
v7.0.0
redhat jboss_a-mq Affected
v7
cisco prime_network_registrar Affected
< 11.2
apache solr Affected
< 9.4.0
f5 big-ip_application_acceleration_manager Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_application_acceleration_manager Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_application_acceleration_manager Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_application_acceleration_manager Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_application_acceleration_manager Affected
v17.1.0
f5 big-ip_advanced_firewall_manager Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_advanced_firewall_manager Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_advanced_firewall_manager Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_advanced_firewall_manager Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_advanced_firewall_manager Affected
v17.1.0
f5 big-ip_analytics Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_analytics Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_analytics Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_analytics Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_analytics Affected
v17.1.0
f5 big-ip_link_controller Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_link_controller Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_link_controller Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_link_controller Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_link_controller Affected
v17.1.0
f5 big-ip_policy_enforcement_manager Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_policy_enforcement_manager Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_policy_enforcement_manager Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_policy_enforcement_manager Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_policy_enforcement_manager Affected
v17.1.0
f5 big-ip_webaccelerator Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_webaccelerator Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_webaccelerator Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_webaccelerator Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_webaccelerator Affected
v17.1.0
nodejs node.js Affected
≥ 18.0.0 < 18.18.2
nodejs node.js Affected
≥ 20.0.0 < 20.8.1
f5 big-ip_domain_name_system Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_domain_name_system Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_domain_name_system Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_domain_name_system Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_domain_name_system Affected
v17.1.0
nghttp2 nghttp2 Affected
< 1.57.0
cisco fog_director Affected
< 1.22
golang go Affected
< 1.20.10
golang go Affected
≥ 1.21.0 < 1.21.3
redhat satellite Affected
v6.0
jenkins jenkins Affected
≤ 2.414.2
jenkins jenkins Affected
≤ 2.427
microsoft windows_server_2016 Affected
v-
cisco expressway Affected
< x14.3.3
f5 big-ip_websafe Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_websafe Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_websafe Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_websafe Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_websafe Affected
v17.1.0
cisco firepower_threat_defense Affected
< 7.4.2
eclipse jetty Affected
≥ 10.0.0 < 10.0.17
eclipse jetty Affected
≥ 11.0.0 < 11.0.17
eclipse jetty Affected
≥ 12.0.0 < 12.0.2
eclipse jetty Affected
< 9.4.53
grpc grpc Affected
< 1.56.3
grpc grpc Affected
≥ 1.58.0 < 1.58.3
grpc grpc Affected
≤ 1.59.2
grpc grpc Affected
v1.57.0
cisco data_center_network_manager Affected
v-
cisco iot_field_network_director Affected
< 4.11.0
microsoft asp.net_core Affected
≥ 6.0.0 < 6.0.23
microsoft asp.net_core Affected
≥ 7.0.0 < 7.0.12
redhat ceph_storage Affected
v5.0
redhat jboss_data_grid Affected
v7.0.0
redhat openshift_container_platform Affected
v4.0
f5 big-ip_fraud_protection_service Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_fraud_protection_service Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_fraud_protection_service Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_fraud_protection_service Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_fraud_protection_service Affected
v17.1.0
redhat jboss_core_services Affected
v-
redhat decision_manager Affected
v7.0
cisco prime_access_registrar Affected
< 9.3.3
cisco connected_mobile_experiences Affected
< 11.1
netapp oncommand_insight Affected
v-
envoyproxy envoy Affected
v1.24.10
envoyproxy envoy Affected
v1.25.9
envoyproxy envoy Affected
v1.26.4
envoyproxy envoy Affected
v1.27.0
istio istio Affected
< 1.17.6
istio istio Affected
≥ 1.18.0 < 1.18.3
istio istio Affected
≥ 1.19.0 < 1.19.1
cisco enterprise_chat_and_email Affected
v-
microsoft windows_server_2019 Affected
v-
redhat single_sign-on Affected
v7.0
dena h2o Affected
< 2023-10-10
caddyserver caddy Affected
< 2.7.5
openresty openresty Affected
< 1.21.4.3
facebook proxygen Affected
< 2023.10.16.00
netty netty Affected
< 4.1.100
linecorp armeria Affected
< 1.26.0
redhat process_automation Affected
v7.0
redhat quay Affected
v3.0.0
redhat openshift_service_mesh Affected
v2.0
akka http_server Affected
< 10.5.3
redhat openstack_platform Affected
v16.1
redhat openstack_platform Affected
v16.2
redhat openstack_platform Affected
v17.1
projectcontour contour Affected
< 2023-10-11
f5 big-ip_advanced_web_application_firewall Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_advanced_web_application_firewall Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_advanced_web_application_firewall Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_advanced_web_application_firewall Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_advanced_web_application_firewall Affected
v17.1.0
f5 big-ip_ddos_hybrid_defender Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_ddos_hybrid_defender Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_ddos_hybrid_defender Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_ddos_hybrid_defender Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_ddos_hybrid_defender Affected
v17.1.0
f5 big-ip_ssl_orchestrator Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_ssl_orchestrator Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_ssl_orchestrator Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_ssl_orchestrator Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_ssl_orchestrator Affected
v17.1.0
apache apisix Affected
< 3.6.1
redhat openshift_virtualization Affected
v4
microsoft azure_kubernetes_service Affected
< 2023-10-08
redhat advanced_cluster_management_for_kubernetes Affected
v2.0
f5 big-ip_carrier-grade_nat Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_carrier-grade_nat Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_carrier-grade_nat Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_carrier-grade_nat Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_carrier-grade_nat Affected
v17.1.0
microsoft .net Affected
≥ 6.0.0 < 6.0.23
microsoft .net Affected
≥ 7.0.0 < 7.0.12
f5 big-ip_application_visibility_and_reporting Affected
≥ 13.1.0 ≤ 13.1.5
f5 big-ip_application_visibility_and_reporting Affected
≥ 14.1.0 ≤ 14.1.5
f5 big-ip_application_visibility_and_reporting Affected
≥ 15.1.0 ≤ 15.1.10
f5 big-ip_application_visibility_and_reporting Affected
≥ 16.1.0 ≤ 16.1.4
f5 big-ip_application_visibility_and_reporting Affected
v17.1.0
redhat build_of_quarkus Affected
v-
redhat integration_camel_k Affected
v-
konghq kong_gateway Affected
< 3.4.2
redhat ansible_automation_platform Affected
v2.0
redhat integration_service_registry Affected
v-
traefik traefik Affected
< 2.10.5
traefik traefik Affected
v3.0.0
microsoft windows_server_2022 Affected
v-
f5 nginx Affected
≥ 1.9.5 ≤ 1.25.2
cisco crosswork_data_gateway Affected
< 4.1.3
cisco crosswork_data_gateway Affected
≥ 5.0.0 < 5.0.2
cisco crosswork_zero_touch_provisioning Affected
< 6.0.0
microsoft visual_studio_2022 Affected
≥ 17.0 < 17.2.20
microsoft visual_studio_2022 Affected
≥ 17.4 < 17.4.12
microsoft visual_studio_2022 Affected
≥ 17.6 < 17.6.8
microsoft visual_studio_2022 Affected
≥ 17.7 < 17.7.5
cisco unified_contact_center_management_portal Affected
v-
apple swiftnio_http\/2 Affected
< 1.28.0
redhat openshift_gitops Affected
v-
f5 nginx_ingress_controller Affected
≥ 2.0.0 ≤ 2.4.2
f5 nginx_ingress_controller Affected
≥ 3.0.0 ≤ 3.3.0
varnish_cache_project varnish_cache Affected
< 2023-10-10
redhat openshift_serverless Affected
v-
redhat advanced_cluster_security Affected
v3.0
redhat advanced_cluster_security Affected
v4.0
microsoft windows_11_22h2 Affected
< 10.0.22621.2428
f5 nginx_plus Affected
≥ r25 < r29
f5 nginx_plus Affected
vr29
f5 nginx_plus Affected
vr30
microsoft windows_10_1809 Affected
< 10.0.17763.4974
microsoft windows_10_21h2 Affected
< 10.0.19044.3570
microsoft windows_10_22h2 Affected
< 10.0.19045.3570
microsoft windows_10_1607 Affected
< 10.0.14393.6351
golang http2 Affected
< 0.17.0
microsoft windows_11_21h2 Affected
< 10.0.22000.2538
redhat integration_camel_for_spring_boot Affected
v-
redhat migration_toolkit_for_applications Affected
v6.0
f5 big-ip_next_service_proxy_for_kubernetes Affected
≥ 1.5.0 ≤ 1.8.2
redhat openshift_api_for_data_protection Affected
v-
redhat openshift_developer_tools_and_services Affected
v-
golang networking Affected
< 0.17.0
redhat build_of_optaplanner Affected
v8.0
microsoft cbl-mariner Affected
< 2023-10-11
f5 big-ip_next Affected
v20.0.1
amazon opensearch_data_prepper Affected
< 2.5.0
kazu-yamamoto http2 Affected
< 4.2.2
linkerd linkerd Affected
≥ 2.12.0 ≤ 2.12.5
linkerd linkerd Affected
v2.13.0
linkerd linkerd Affected
v2.13.1
linkerd linkerd Affected
v2.14.0
linkerd linkerd Affected
v2.14.1
redhat openshift_data_science Affected
v-
redhat 3scale_api_management_platform Affected
v2.0
redhat cert-manager_operator_for_red_hat_openshift Affected
v-
redhat certification_for_red_hat_enterprise_linux Affected
v8.0
redhat certification_for_red_hat_enterprise_linux Affected
v9.0
redhat cost_management Affected
v-
redhat cryostat Affected
v2.0
redhat fence_agents_remediation_operator Affected
v-
redhat jboss_a-mq_streams Affected
v-
redhat logging_subsystem_for_red_hat_openshift Affected
v-
redhat machine_deletion_remediation_operator Affected
v-
redhat migration_toolkit_for_containers Affected
v-
redhat migration_toolkit_for_virtualization Affected
v-
redhat network_observability_operator Affected
v-
redhat node_healthcheck_operator Affected
v-
redhat node_maintenance_operator Affected
v-
redhat openshift_container_platform_assisted_installer Affected
v-
redhat openshift_dev_spaces Affected
v-
redhat openshift_distributed_tracing Affected
v-
redhat openshift_pipelines Affected
v-
redhat openshift_sandboxed_containers Affected
v-
redhat openshift_secondary_scheduler_operator Affected
v-
redhat run_once_duration_override_operator Affected
v-
redhat self_node_remediation_operator Affected
v-
redhat service_interconnect Affected
v1.0
redhat support_for_spring_boot Affected
v-
redhat web_terminal Affected
v-
redhat service_telemetry_framework Affected
v1.5
netapp astra_control_center Affected
v-
cisco ultra_cloud_core_-_policy_control_function Affected
< 2024.01.0
cisco ultra_cloud_core_-_policy_control_function Affected
v2024.01.0
cisco unified_contact_center_domain_manager Affected
v-
cisco unified_attendant_console_advanced Affected
v-
ietf http Affected
v2.0
cisco business_process_automation Affected
< 3.2.003.009
cisco crosswork_situation_manager Affected
v-
cisco prime_cable_provisioning Affected
< 7.2.1
cisco secure_dynamic_attributes_connector Affected
< 2.2.0
cisco secure_malware_analytics Affected
< 2.19.2
cisco ultra_cloud_core_-_serving_gateway_function Affected
< 2024.02.0
cisco ultra_cloud_core_-_session_management_function Affected
< 2024.02.0
cisco unified_contact_center_enterprise_-_live_data_server Affected
< 12.6.2
cisco secure_web_appliance_firmware Affected
< 15.1.0

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-61726 ⚠️ high 7.5 0.0 The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query p... 2026-01-28
CVE-2025-61728 🔶 medium 6.5 0.0 archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is open... 2026-01-28
CVE-2025-61730 🔶 medium 5.3 0.0 During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instanc... 2026-01-28
CVE-2025-61731 ⚠️ high 7.8 0.0 Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of... 2026-01-28
CVE-2025-68119 ⚠️ high 7.0 0.0 Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercuria... 2026-01-28
CVE-2025-68670 ⛔ critical 9.1 0.3 xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi... 2026-01-27
These CVEs affect the same products