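High severity: HTTP/2 Rapid Reset Denial-of-Service Vulnerability (CVE-2023-44487)
CVE ID
CVE-2023-44487
Exploitation status
PoC public
Patch status
Official patch
Disclosure date
2023-10-13
Vulnerability description
The HTTP/2 protocol allows a client to send an RST_STREAM frame to tell the server that a previous stream should be cancelled. The protocol lets the client request cancellation unilaterally, and the attack that abuses this is called Rapid Reset. In an HTTP/2 Rapid Reset attack, the client opens a large number of streams at once but, instead of waiting for the server or proxy to respond to each request stream, cancels each request immediately. Large-scale use of this request-cancel-request-cancel pattern rapidly consumes server CPU resources and results in DoS.
Remediation
This is a protocol-level vulnerability. It is recommended to disable HTTP/2 and downgrade to HTTP/1.1, or to update the relevant security settings of each product. For example, nginx in its default configuration keeps at most 1000 HTTP connections, so as long as server performance is not too poor it is not affected by this vulnerability under the default configuration; jetty, by contrast, is affected and must be updated to the latest secure version.
Affected software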
Type | Vendor | Product | Version | Affected range |
---|---|---|---|---|
Application | akka | http_server | * | Up to (excluding) 10.5.3 |
Application | amazon | opensearch_data_prepper | * | Up to (excluding) 2.5.0 |
Application | apache | apisix | * | Up to (excluding) 3.6.1 |
Application | apache | solr | * | Up to (excluding) 9.4.0 |
Application | apache | tomcat | * | From (including) 10.1.0; Up to (including) 10.1.13 |
Application | apache | tomcat | * | From (including) 8.5.0; Up to (including) 8.5.93 |
Application | apache | tomcat | * | From (including) 9.0.0; Up to (including) 9.0.80 |
Application | apache | tomcat | 11.0.0 | - |
Application | apache | traffic_server | * | From (including) 8.0.0; Up to (excluding) 8.1.9 |
Application | apache | traffic_server | * | From (including) 9.0.0; Up to (excluding) 9.2.3 |
Application | apple | swiftnio_http/2 | * | Up to (excluding) 1.28.0 |
Application | caddyserver | caddy | * | Up to (excluding) 2.7.5 |
Application | dena | h2o | * | Up to (excluding) 2023-10-10 |
Application | eclipse | jetty | * | Up to (excluding) 9.4.53 |
Application | eclipse | jetty | * | From (including) 10.0.0; Up to (excluding) 10.0.17 |
Application | eclipse | jetty | * | From (including) 11.0.0; Up to (excluding) 11.0.17 |
Application | eclipse | jetty | * | From (including) 12.0.0; Up to (excluding) 12.0.2 |
Application | envoyproxy | envoy | 1.24.10 | - |
Application | envoyproxy | envoy | 1.25.9 | - |
Application | envoyproxy | envoy | 1.26.4 | - |
Application | envoyproxy | envoy | 1.27.0 | - |
Application | f5 | big-ip_access_policy_manager | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_access_policy_manager | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_access_policy_manager | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_access_policy_manager | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_access_policy_manager | 17.1.0 | - |
Application | f5 | big-ip_advanced_firewall_manager | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_advanced_firewall_manager | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_advanced_firewall_manager | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_advanced_firewall_manager | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_advanced_firewall_manager | 17.1.0 | - |
Application | f5 | big-ip_advanced_web_application_firewall | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_advanced_web_application_firewall | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_advanced_web_application_firewall | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_advanced_web_application_firewall | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_advanced_web_application_firewall | 17.1.0 | - |
Application | f5 | big-ip_analytics | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_analytics | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_analytics | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_analytics | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_analytics | 17.1.0 | - |
Application | f5 | big-ip_application_acceleration_manager | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_application_acceleration_manager | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_application_acceleration_manager | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_application_acceleration_manager | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_application_acceleration_manager | 17.1.0 | - |
Application | f5 | big-ip_application_security_manager | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_application_security_manager | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_application_security_manager | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_application_security_manager | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_application_security_manager | 17.1.0 | - |
Application | f5 | big-ip_application_visibility_and_reporting | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_application_visibility_and_reporting | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_application_visibility_and_reporting | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_application_visibility_and_reporting | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_application_visibility_and_reporting | 17.1.0 | - |
Application | f5 | big-ip_carrier-grade_nat | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_carrier-grade_nat | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_carrier-grade_nat | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_carrier-grade_nat | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_carrier-grade_nat | 17.1.0 | - |
Application | f5 | big-ip_ddos_hybrid_defender | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_ddos_hybrid_defender | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_ddos_hybrid_defender | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_ddos_hybrid_defender | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_ddos_hybrid_defender | 17.1.0 | - |
Application | f5 | big-ip_domain_name_system | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_domain_name_system | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_domain_name_system | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_domain_name_system | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_domain_name_system | 17.1.0 | - |
Application | f5 | big-ip_fraud_protection_service | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_fraud_protection_service | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_fraud_protection_service | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_fraud_protection_service | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_fraud_protection_service | 17.1.0 | - |
Application | f5 | big-ip_global_traffic_manager | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_global_traffic_manager | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_global_traffic_manager | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_global_traffic_manager | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_global_traffic_manager | 17.1.0 | - |
Application | f5 | big-ip_link_controller | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_link_controller | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_link_controller | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_link_controller | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_link_controller | 17.1.0 | - |
Application | f5 | big-ip_local_traffic_manager | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_local_traffic_manager | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_local_traffic_manager | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_local_traffic_manager | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_local_traffic_manager | 17.1.0 | - |
Application | f5 | big-ip_next | 20.0.1 | - |
Application | f5 | big-ip_next_service_proxy_for_kubernetes | * | From (including) 1.5.0; Up to (including) 1.8.2 |
Application | f5 | big-ip_policy_enforcement_manager | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_policy_enforcement_manager | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_policy_enforcement_manager | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_policy_enforcement_manager | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_policy_enforcement_manager | 17.1.0 | - |
Application | f5 | big-ip_ssl_orchestrator | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_ssl_orchestrator | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_ssl_orchestrator | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_ssl_orchestrator | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_ssl_orchestrator | 17.1.0 | - |
Application | f5 | big-ip_webaccelerator | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_webaccelerator | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_webaccelerator | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_webaccelerator | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_webaccelerator | 17.1.0 | - |
Application | f5 | big-ip_websafe | * | From (including) 13.1.0; Up to (including) 13.1.5 |
Application | f5 | big-ip_websafe | * | From (including) 14.1.0; Up to (including) 14.1.5 |
Application | f5 | big-ip_websafe | * | From (including) 15.1.0; Up to (including) 15.1.10 |
Application | f5 | big-ip_websafe | * | From (including) 16.1.0; Up to (including) 16.1.4 |
Application | f5 | big-ip_websafe | 17.1.0 | - |
Application | f5 | nginx | * | From (including) 1.9.5; Up to (including) 1.25.2 |
Application | f5 | nginx_ingress_controller | * | From (including) 2.0.0; Up to (including) 2.4.2 |
Application | f5 | nginx_ingress_controller | * | From (including) 3.0.0; Up to (including) 3.3.0 |
Application | f5 | nginx_plus | * | From (including) r25; Up to (excluding) r29 |
Application | f5 | nginx_plus | r29 | - |
Application | f5 | nginx_plus | r30 | - |
Application | | proxygen | * | Up to (excluding) 2023.10.16.00 |
Application | golang | go | * | Up to (excluding) 1.20.10 |
Application | golang | go | * | From (including) 1.21.0; Up to (excluding) 1.21.3 |
Application | golang | http2 | * | Up to (excluding) 0.17.0 |
Application | golang | networking | * | Up to (excluding) 0.17.0 |
Application | grpc | grpc | * | Up to (excluding) 1.56.3 |
Application | grpc | grpc | * | From (including) 1.58.0; Up to (excluding) 1.58.3 |
Application | grpc | grpc | 1.57.0 | - |
Application | ietf | http | 2.0 | - |
Application | istio | istio | * | Up to (excluding) 1.17.6 |
Application | istio | istio | * | From (including) 1.18.0; Up to (excluding) 1.18.3 |
Application | istio | istio | * | From (including) 1.19.0; Up to (excluding) 1.19.1 |
Application | jenkins | jenkins | * | Up to (including) 2.414.2 |
Application | jenkins | jenkins | * | Up to (including) 2.427 |
Application | kazu-yamamoto | http2 | * | Up to (excluding) 4.2.2 |
Application | konghq | kong_gateway | * | Up to (excluding) 3.4.2 |
Application | linecorp | armeria | * | Up to (excluding) 1.26.0 |
Application | linkerd | linkerd | * | From (including) 2.12.0; Up to (including) 2.12.5 |
Application | linkerd | linkerd | 2.13.0 | - |
Application | linkerd | linkerd | 2.13.1 | - |
Application | linkerd | linkerd | 2.14.0 | - |
Application | linkerd | linkerd | 2.14.1 | - |
Application | microsoft | .net | * | From (including) 6.0.0; Up to (excluding) 6.0.23 |
Application | microsoft | .net | * | From (including) 7.0.0; Up to (excluding) 7.0.12 |
Application | microsoft | asp.net_core | * | From (including) 6.0.0; Up to (excluding) 6.0.23 |
Application | microsoft | asp.net_core | * | From (including) 7.0.0; Up to (excluding) 7.0.12 |
Application | microsoft | azure_kubernetes_service | * | Up to (excluding) 2023-10-08 |
Application | microsoft | cbl-mariner | * | Up to (excluding) 2023-10-11 |
Application | microsoft | visual_studio_2022 | * | From (including) 17.0; Up to (excluding) 17.2.20 |
Application | microsoft | visual_studio_2022 | * | From (including) 17.4; Up to (excluding) 17.4.12 |
Application | microsoft | visual_studio_2022 | * | From (including) 17.6; Up to (excluding) 17.6.8 |
Application | microsoft | visual_studio_2022 | * | From (including) 17.7; Up to (excluding) 17.7.5 |
Application | netapp | astra_control_center | - | - |
Application | netty | netty | * | Up to (excluding) 4.1.100 |
Application | nghttp2 | nghttp2 | * | Up to (excluding) 1.57.0 |
Application | nodejs | node.js | * | From (including) 18.0.0; Up to (excluding) 18.18.2 |
Application | nodejs | node.js | * | From (including) 20.0.0; Up to (excluding) 20.8.1 |
Application | projectcontour | contour | * | Up to (excluding) 2023-10-11 |
Application | redhat | 3scale_api_management_platform | 2.0 | - |
Application | redhat | advanced_cluster_management_for_kubernetes | 2.0 | - |
Application | redhat | advanced_cluster_security | 3.0 | - |
Application | redhat | advanced_cluster_security | 4.0 | - |
Application | redhat | ansible_automation_platform | 2.0 | - |
Application | redhat | build_of_optaplanner | 8.0 | - |
Application | redhat | build_of_quarkus | - | - |
Application | redhat | ceph_storage | 5.0 | - |
Application | redhat | cert-manager_operator_for_red_hat_openshift | - | - |
Application | redhat | certification_for_red_hat_enterprise_linux | 8.0 | - |
Application | redhat | certification_for_red_hat_enterprise_linux | 9.0 | - |
Application | redhat | cost_management | - | - |
Application | redhat | cryostat | 2.0 | - |
Application | redhat | decision_manager | 7.0 | - |
Application | redhat | fence_agents_remediation_operator | - | - |
Application | redhat | integration_camel_for_spring_boot | - | - |
Application | redhat | integration_camel_k | - | - |
Application | redhat | integration_service_registry | - | - |
Application | redhat | jboss_a-mq | 7 | - |
Application | redhat | jboss_a-mq_streams | - | - |
Application | redhat | jboss_core_services | - | - |
Application | redhat | jboss_data_grid | 7.0.0 | - |
Application | redhat | jboss_enterprise_application_platform | 6.0.0 | - |
Application | redhat | jboss_enterprise_application_platform | 7.0.0 | - |
Application | redhat | jboss_fuse | 6.0.0 | - |
Application | redhat | jboss_fuse | 7.0.0 | - |
Application | redhat | logging_subsystem_for_red_hat_openshift | - | - |
Application | redhat | machine_deletion_remediation_operator | - | - |
Application | redhat | migration_toolkit_for_applications | 6.0 | - |
Application | redhat | migration_toolkit_for_containers | - | - |
Application | redhat | migration_toolkit_for_virtualization | - | - |
Application | redhat | network_observability_operator | - | - |
Application | redhat | node_healthcheck_operator | - | - |
Application | redhat | node_maintenance_operator | - | - |
Application | redhat | openshift | - | - |
Application | redhat | openshift_api_for_data_protection | - | - |
Application | redhat | openshift_container_platform | 4.0 | - |
Application | redhat | openshift_container_platform_assisted_installer | - | - |
Application | redhat | openshift_data_science | - | - |
Application | redhat | openshift_developer_tools_and_services | - | - |
Application | redhat | openshift_dev_spaces | - | - |
Application | redhat | openshift_distributed_tracing | - | - |
Application | redhat | openshift_gitops | - | - |
Application | redhat | openshift_pipelines | - | - |
Application | redhat | openshift_sandboxed_containers | - | - |
Application | redhat | openshift_secondary_scheduler_operator | - | - |
Application | redhat | openshift_serverless | - | - |
Application | redhat | openshift_service_mesh | 2.0 | - |
Application | redhat | openshift_virtualization | 4 | - |
Application | redhat | openstack_platform | 16.1 | - |
Application | redhat | openstack_platform | 16.2 | - |
Application | redhat | openstack_platform | 17.1 | - |
Application | redhat | process_automation | 7.0 | - |
Application | redhat | quay | 3.0.0 | - |
Application | redhat | run_once_duration_override_operator | - | - |
Application | redhat | satellite | 6.0 | - |
Application | redhat | self_node_remediation_operator | - | - |
Application | redhat | service_interconnect | 1.0 | - |
Application | redhat | service_telemetry_framework | 1.5 | - |
Application | redhat | single_sign-on | 7.0 | - |
Application | redhat | support_for_spring_boot | - | - |
Application | redhat | web_terminal | - | - |
Application | traefik | traefik | * | Up to (excluding) 2.10.5 |
Application | traefik | traefik | 3.0.0 | - |
Application | varnish_cache_project | varnish_cache | * | Up to (excluding) 2023-10-10 |
System | alpine_3.15 | nghttp2 | * | Up to (excluding) 1.4.73-r0 |
System | alpine_3.16 | lighttpd | * | Up to (excluding) 1.4.73-r0 |
System | alpine_3.17 | nghttp2 | * | Up to (excluding) 1.4.73-r0 |
System | alpine_3.18 | nghttp2 | * | Up to (excluding) 1.57.0-r0 |
System | alpine_edge | nghttp2 | * | Up to (excluding) 1.57.0-r0 |
System | amazon_2 | nginx | * | Up to (excluding) 1.amzn2 |
System | amazon_2023 | nginx | * | Up to (excluding) 1.amzn2023 |
System | amazon_AMI | nginx | * | Up to (excluding) 1.33.0-1.1.8.amzn1 |
System | anolis_os_23 | nghttp2 | * | Up to (excluding) 1.57.0-1 |
System | anolis_os_8 | grafana | * | Up to (excluding) 6.0.23-1.0.1 |
System | debian | debian_linux | 10.0 | - |
System | debian | debian_linux | 11.0 | - |
System | debian | debian_linux | 12.0 | - |
System | debian_10 | nghttp2 | * | Up to (excluding) 2.2.5+dfsg2-2+deb10u2 |
System | debian_11 | nghttp2 | * | Up to (including) 2.2.5+dfsg2-6 |
System | debian_12 | nghttp2 | * | Up to (including) 2.2.5+dfsg2-7 |
System | debian_sid | nghttp2 | * | Up to (excluding) 2.2.5+dfsg2-8 |
System | fedoraproject | fedora | 37 | - |
System | fedoraproject | fedora | 38 | - |
System | fedora_37 | nghttp2 | * | Up to (excluding) 18.18.2-1.fc37 |
System | fedora_38 | nghttp2 | * | Up to (excluding) 18.18.2-1.fc38 |
System | fedora_39 | nghttp2 | * | Up to (excluding) 18.18.2-1.fc39 |
System | fedora_40 | cachelib | * | Up to (excluding) 17^20231016-1.fc40 |
System | fedora_EPEL_7 | nghttp2 | * | Up to (excluding) 9.2.3-1.el7 |
System | fedora_EPEL_8 | nghttp2 | * | Up to (excluding) 9.2.3-1.el8 |
System | fedora_EPEL_9 | nghttp2 | * | Up to (excluding) 9.2.3-1.el9 |
System | microsoft | windows_10_1607 | * | Up to (excluding) 10.0.14393.6351 |
System | microsoft | windows_10_1809 | * | Up to (excluding) 10.0.17763.4974 |
System | microsoft | windows_10_21h2 | * | Up to (excluding) 10.0.19044.3570 |
System | microsoft | windows_10_22h2 | * | Up to (excluding) 10.0.19045.3570 |
System | microsoft | windows_11_21h2 | * | Up to (excluding) 10.0.22000.2538 |
System | microsoft | windows_11_22h2 | * | Up to (excluding) 10.0.22621.2428 |
System | microsoft | windows_server_2016 | - | - |
System | microsoft | windows_server_2019 | - | - |
System | microsoft | windows_server_2022 | - | - |
System | oracle_8 | oraclelinux-release | * | Up to (excluding) 7.0.112-1.0.1.el8_8 |
System | oracle_9 | oraclelinux-release | * | Up to (excluding) 7.0.112-1.0.1.el9_2 |
System | redhat | enterprise_linux | 6.0 | - |
System | redhat | enterprise_linux | 8.0 | - |
System | redhat | enterprise_linux | 9.0 | - |
System | redhat_7 | rhc-worker-script | * | Up to (excluding) 0.5-1.el7_9 |
System | redhat_8 | grafana-debuginfo | * | Up to (excluding) 7.0.112-1.el8_8 |
System | redhat_9 | varnish-docs | * | Up to (excluding) 1.20.1-14.el9_2.1 |
System | suse_12_SP5 | libnghttp2 | * | Up to (excluding) 1.39.2-3.13.1 |
System | ubuntu_22.04 | dotnet6 | * | Up to (excluding) 7.0.112-0ubuntu1~22.04.1 |
System | unionos_a | tomcat | * | Up to (excluding) nghttp2-1.41.0-5.uelc20.5 |
System | unionos_d | nghttp2 | * | Up to (excluding) 1.36.0.2-deepin1 |
System | unionos_e | nginx | * | Up to (excluding) nghttp2-1.41.0-5.uel20.5 |
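- Attack vector: Remote
- Attack complexity: Easy
- Privileges required: None
- Scope of impact: Global
- Exploit maturity: PoC public
- Patch status: Official patch
- Data confidentiality: No impact
- Data integrity: Transmission disrupted
- Server impact: DoS
- Internet-wide count: N/A
CWE-ID | Vulnerability type |
---|---|
CWE-400 | Uncontrolled Resource Consumption (Resource Exhaustion) |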
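
The request-cancel pattern from the vulnerability description can be measured per connection on the server or proxy side. The following Python code is an added example, not code from the original page or from any affected product: it parses HTTP/2 frame headers from the client-to-server byte stream and flags a connection that resets more of its own streams than a budget allows. It assumes the bytes are already decrypted and the connection preface has been removed; `RapidResetMonitor`, the budget of 100 resets per second and the sample traffic are hypothetical values constructed for illustration.

```python
import struct
from collections import deque

FRAME_HEADERS = 0x1      # opens a stream (RFC 9113 section 6.2)
FRAME_RST_STREAM = 0x3   # cancels a stream (RFC 9113 section 6.4)
ERR_CANCEL = 0x8         # RST_STREAM error code CANCEL


def build_frame(ftype, flags, stream_id, payload=b""):
    """Serialize one frame: 24-bit length, type, flags, 31-bit stream id."""
    n = len(payload)
    header = struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags,
                         stream_id & 0x7FFFFFFF)
    return header + payload


def parse_frames(data):
    """Return ([(type, flags, stream_id, payload), ...], unparsed_tail)."""
    frames, offset = [], 0
    while offset + 9 <= len(data):
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", data, offset)
        end = offset + 9 + ((hi << 16) | lo)
        if end > len(data):
            break                      # incomplete frame, keep for next read
        frames.append((ftype, flags, sid & 0x7FFFFFFF, data[offset + 9:end]))
        offset = end
    return frames, data[offset:]


class RapidResetMonitor:
    """Per-connection budget for client RST_STREAM frames on its own streams."""

    def __init__(self, max_resets=100, window_seconds=1.0):
        self.max_resets = max_resets   # hypothetical threshold, tune per service
        self.window = window_seconds
        self.highest_stream = 0        # highest client-initiated stream id seen
        self.resets = deque()          # timestamps of counted resets
        self._tail = b""               # bytes of a frame split across reads

    def feed(self, timestamp, data):
        """Consume client-to-server bytes; True means the budget is exceeded."""
        frames, self._tail = parse_frames(self._tail + data)
        for ftype, _flags, sid, _payload in frames:
            if ftype == FRAME_HEADERS and sid % 2 == 1:
                self.highest_stream = max(self.highest_stream, sid)
            elif ftype == FRAME_RST_STREAM and 0 < sid <= self.highest_stream:
                self.resets.append(timestamp)
        # Slide the window: forget resets older than window_seconds.
        while self.resets and timestamp - self.resets[0] > self.window:
            self.resets.popleft()
        return len(self.resets) > self.max_resets


def constructed_connection(streams, interval, cancel_every=1):
    """Constructed sample reads: every Nth opened stream is cancelled at once."""
    events = []
    for i in range(streams):
        sid = 2 * i + 1                # client stream ids are odd
        # HEADERS with END_HEADERS; the header block is not decoded here.
        data = build_frame(FRAME_HEADERS, 0x4, sid, b"\x82")
        if i % cancel_every == 0:
            data += build_frame(FRAME_RST_STREAM, 0, sid,
                                struct.pack(">I", ERR_CANCEL))
        events.append((i * interval, data))
    return events


def connection_flagged(events, **limits):
    """Replay (timestamp, bytes) reads through a fresh monitor."""
    monitor = RapidResetMonitor(**limits)
    return any(monitor.feed(ts, data) for ts, data in events)


if __name__ == "__main__":
    print("burst :", connection_flagged(constructed_connection(500, 0.001)))
    print("benign:", connection_flagged(constructed_connection(50, 0.2, 10)))
```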
Exploit-related links
- avd.aliyun.com