Known Exploited Vulnerabilities CVE-2023-44487 Mappings

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Mappings

Capability ID: CVE-2023-44487
Capability Description: HTTP/2 Rapid Reset Attack Vulnerability
Mapping Type: primary_impact
ATT&CK ID: T1499
ATT&CK Name: Endpoint Denial of Service
Comments: The weakness is in how HTTP/2 endpoints handle stream cancellation ("Rapid Reset"). An unauthenticated client opens a stream with a HEADERS frame and immediately cancels it with an RST_STREAM frame. A reset stream no longer counts toward the server's SETTINGS_MAX_CONCURRENT_STREAMS limit, so the client can keep opening new streams on a single connection at a rate far above what that limit was meant to allow, while the server still spends CPU (parsing, routing, and often backend work) on every request it has already started to process. The net effect is server resource exhaustion and denial of service with no authentication required.

Capability ID: CVE-2023-44487
Capability Description: HTTP/2 Rapid Reset Attack Vulnerability
Mapping Type: exploitation_technique
ATT&CK ID: T1190
ATT&CK Name: Exploit Public-Facing Application
Comments: The same HEADERS-then-RST_STREAM sequence described above is sent over an ordinary HTTP/2 connection to an internet-facing server; no foothold, credentials, or user interaction is needed, so the exploitation is a direct attack on the public-facing application.
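The comments above describe the attack at the frame level but do not show why the server's concurrency limit fails to stop it, or what a server-side countermeasure looks like. The following is an added example written for this page; it is not code from the mappings, from CTID, or from any HTTP/2 implementation. It serialises and parses HTTP/2 frames using the RFC 9113 frame header layout, builds constructed attack traffic (HEADERS immediately followed by RST_STREAM with the CANCEL error code) next to constructed normal traffic, and replays both through a per-connection counter. The counter shows that the attack never raises the number of in-flight streams above one, so SETTINGS_MAX_CONCURRENT_STREAMS never triggers, while the count of client-initiated resets grows without bound. The reset budget of 100 per connection, the placeholder header block, and the function names are assumptions for illustration; the mitigation shape (count client resets, close the connection once a budget is exceeded) is the general approach, not any particular server's exact numbers.

```python
"""Parse a raw HTTP/2 frame stream and flag Rapid Reset behaviour.

Added example: not code from the mappings page, CTID, or any HTTP/2
implementation. Frame layout follows RFC 9113 section 4.1. The per-connection
reset budget and the placeholder header block are assumptions made here.
"""
import struct
from dataclasses import dataclass, field

HEADERS = 0x1            # frame type: opens a stream and carries request headers
RST_STREAM = 0x3         # frame type: cancels a stream
FLAG_END_STREAM = 0x1
FLAG_END_HEADERS = 0x4
ERR_CANCEL = 0x8         # RST_STREAM error code carried by the attack traffic
FRAME_HEADER_LEN = 9


def build_frame(ftype: int, stream_id: int, payload: bytes = b"", flags: int = 0) -> bytes:
    """Serialise one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload)


def parse_frames(data: bytes):
    """Yield (type, flags, stream_id, payload) tuples; stop at a truncated frame."""
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack("!I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break
        yield ftype, flags, stream_id, payload
        off += FRAME_HEADER_LEN + length


# Constructed placeholder for the request header block. Real traffic carries
# HPACK-encoded headers; the detector never decodes them, so any bytes will do.
FAKE_HEADER_BLOCK = b"\x82\x84\x86"


def rapid_reset_stream(n: int) -> bytes:
    """Constructed attack traffic: n streams, each opened and cancelled at once."""
    out = bytearray()
    for i in range(n):
        sid = 2 * i + 1                      # client-initiated streams use odd ids
        out += build_frame(HEADERS, sid, FAKE_HEADER_BLOCK, FLAG_END_HEADERS | FLAG_END_STREAM)
        out += build_frame(RST_STREAM, sid, struct.pack("!I", ERR_CANCEL))
    return bytes(out)


def benign_stream(n: int) -> bytes:
    """Constructed normal traffic: n requests that stay open awaiting responses."""
    return b"".join(
        build_frame(HEADERS, 2 * i + 1, FAKE_HEADER_BLOCK, FLAG_END_HEADERS | FLAG_END_STREAM)
        for i in range(n))


@dataclass
class ConnStats:
    opened: int = 0                 # client streams the server began work on
    reset_by_client: int = 0        # of those, how many the client cancelled
    in_flight: set = field(default_factory=set)
    peak_in_flight: int = 0         # the most SETTINGS_MAX_CONCURRENT_STREAMS ever saw


def analyze(frames, reset_budget: int = 100):
    """Replay client frames; return (stats, abusive).

    reset_budget is an assumed per-connection limit on client RST_STREAM frames.
    Exceeding it is the Rapid Reset signature: plenty of work started, almost
    none of it ever visible as concurrent streams. A server would answer with
    GOAWAY and drop the connection at that point.
    """
    st = ConnStats()
    for ftype, _flags, sid, _payload in frames:
        if ftype == HEADERS and sid % 2 == 1:
            st.opened += 1
            st.in_flight.add(sid)
            st.peak_in_flight = max(st.peak_in_flight, len(st.in_flight))
        elif ftype == RST_STREAM and sid in st.in_flight:
            st.in_flight.discard(sid)
            st.reset_by_client += 1
    return st, st.reset_by_client > reset_budget


if __name__ == "__main__":
    for label, raw in (("rapid reset", rapid_reset_stream(1000)), ("benign", benign_stream(10))):
        stats, abusive = analyze(parse_frames(raw))
        print(f"{label}: opened={stats.opened} reset={stats.reset_by_client} "
              f"peak_in_flight={stats.peak_in_flight} abusive={abusive}")
```

Running the block shows the asymmetry the mappings describe: 1000 streams of attack traffic never exceed one in-flight stream, so a concurrency limit alone is blind to it, whereas ten ordinary requests reach ten in-flight streams and zero resets. Counting client resets per connection (and closing the connection with GOAWAY once the budget is spent) is the shape of the server-side fix; the budget value and the window over which it is measured are deployment choices.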