oss-sec mailing list archives
Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations
From: Jonathan Wright <jonathan () almalinux org>
Date: Fri, 13 Oct 2023 09:01:36 -0500
OpenLitespeed is not impacted: https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ On Tue, Oct 10, 2023 at 2:23 PM Moritz Muehlenhoff <jmm () inutil org> wrote:
On Tue, Oct 10, 2023 at 11:40:06AM -0700, Alan Coopersmith wrote:Information I've found so far on open source implementations (most viathecurrent listings in the CVE) include:Apache Trafficserver is also affected: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q Cheers, Moritz
-- Jonathan Wright AlmaLinux Foundation Mattermost: chat <https://chat.almalinux.org/almalinux/messages/@jonathan>
Current thread:
- CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations Alan Coopersmith (Oct 10)
- Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations Moritz Muehlenhoff (Oct 10)
- Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations Jonathan Wright (Oct 13)
- Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations Steffen Nurpmeso (Oct 13)
- Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations Jonathan Wright (Oct 13)
- Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations Alan Coopersmith (Oct 18)
- Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations Alan Coopersmith (Oct 20)
- Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations Moritz Muehlenhoff (Oct 10)