https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 18 Jun 2026 22:15:00 +0000 https://vulnerability.circl.lu/sighting/5deb8747-68b6-4ef6-92d5-fcefa42cff57/export {"uuid": "5deb8747-68b6-4ef6-92d5-fcefa42cff57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://gist.github.com/lmolkova/a8deca8726d3e185e2644f43182b54be", "content": "", "creation_timestamp": "2026-01-01T20:10:51.000000Z"} {"uuid": "5deb8747-68b6-4ef6-92d5-fcefa42cff57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://gist.github.com/lmolkova/a8deca8726d3e185e2644f43182b54be", "content": "", "creation_timestamp": "2026-01-01T20:10:51.000000Z"} https://vulnerability.circl.lu/sighting/5deb8747-68b6-4ef6-92d5-fcefa42cff57/export Thu, 01 Jan 2026 20:10:51 +0000 https://vulnerability.circl.lu/sighting/e338b053-3127-46c8-97ab-5f86d43f1c3b/export {"uuid": "e338b053-3127-46c8-97ab-5f86d43f1c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-44487", "type": "seen", "source": "https://gist.github.com/alon710/fd16799ed4000acf29f2381f06df6070", "content": "", "creation_timestamp": "2026-01-24T21:32:22.000000Z"} {"uuid": "e338b053-3127-46c8-97ab-5f86d43f1c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-44487", "type": "seen", "source": "https://gist.github.com/alon710/fd16799ed4000acf29f2381f06df6070", "content": "", "creation_timestamp": "2026-01-24T21:32:22.000000Z"} https://vulnerability.circl.lu/sighting/e338b053-3127-46c8-97ab-5f86d43f1c3b/export Sat, 24 Jan 2026 21:32:22 +0000 https://vulnerability.circl.lu/sighting/590a3ca9-726e-47e0-978f-ca645677e619/export {"uuid": "590a3ca9-726e-47e0-978f-ca645677e619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://gist.github.com/alon710/090ce152a99e7d6c37ffe600ece932cd", "content": "", "creation_timestamp": "2026-01-24T21:32:26.000000Z"} {"uuid": "590a3ca9-726e-47e0-978f-ca645677e619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://gist.github.com/alon710/090ce152a99e7d6c37ffe600ece932cd", "content": "", "creation_timestamp": "2026-01-24T21:32:26.000000Z"} https://vulnerability.circl.lu/sighting/590a3ca9-726e-47e0-978f-ca645677e619/export Sat, 24 Jan 2026 21:32:26 +0000 https://vulnerability.circl.lu/sighting/d705edc8-400f-411b-8191-b91cbf17b162/export {"uuid": "d705edc8-400f-411b-8191-b91cbf17b162", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-44487", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4441842a-dcf2-4b86-a575-007bad2b482a", "content": "", "creation_timestamp": "2026-02-02T12:26:48.814572Z"} {"uuid": "d705edc8-400f-411b-8191-b91cbf17b162", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-44487", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4441842a-dcf2-4b86-a575-007bad2b482a", "content": "", "creation_timestamp": "2026-02-02T12:26:48.814572Z"} https://vulnerability.circl.lu/sighting/d705edc8-400f-411b-8191-b91cbf17b162/export Mon, 02 Feb 2026 12:26:48 +0000 https://vulnerability.circl.lu/sighting/1627e2ff-06a1-41b3-a2a6-182caced2241/export {"uuid": "1627e2ff-06a1-41b3-a2a6-182caced2241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://gist.github.com/vietj/6cb0297e7881e7ddfbf29a64848fb7c7", "content": "", "creation_timestamp": "2026-03-03T09:26:42.000000Z"} {"uuid": "1627e2ff-06a1-41b3-a2a6-182caced2241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://gist.github.com/vietj/6cb0297e7881e7ddfbf29a64848fb7c7", "content": "", "creation_timestamp": "2026-03-03T09:26:42.000000Z"} https://vulnerability.circl.lu/sighting/1627e2ff-06a1-41b3-a2a6-182caced2241/export Tue, 03 Mar 2026 09:26:42 +0000 https://vulnerability.circl.lu/sighting/2d164614-88b7-48f8-8384-3a376a7f37ea/export {"uuid": "2d164614-88b7-48f8-8384-3a376a7f37ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0287/", "content": "", "creation_timestamp": "2026-03-13T00:00:00.000000Z"} {"uuid": "2d164614-88b7-48f8-8384-3a376a7f37ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0287/", "content": "", "creation_timestamp": "2026-03-13T00:00:00.000000Z"} https://vulnerability.circl.lu/sighting/2d164614-88b7-48f8-8384-3a376a7f37ea/export Fri, 13 Mar 2026 00:00:00 +0000 https://vulnerability.circl.lu/sighting/6cbc5d06-ab29-4cc9-8973-b0d5bfc1bf7e/export {"uuid": "6cbc5d06-ab29-4cc9-8973-b0d5bfc1bf7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} {"uuid": "6cbc5d06-ab29-4cc9-8973-b0d5bfc1bf7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"} https://vulnerability.circl.lu/sighting/6cbc5d06-ab29-4cc9-8973-b0d5bfc1bf7e/export Thu, 19 Mar 2026 00:00:00 +0000 https://vulnerability.circl.lu/sighting/eeca493d-39d2-461b-9788-e609d9a41a8b/export {"uuid": "eeca493d-39d2-461b-9788-e609d9a41a8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "published-proof-of-concept", "source": "Telegram/eiq80vTfK0uEvpSaVkLstXl9YEDfyEgGUyA39bKhe3J3sOM", "content": "", "creation_timestamp": "2026-04-24T09:00:04.000000Z"} {"uuid": "eeca493d-39d2-461b-9788-e609d9a41a8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "published-proof-of-concept", "source": "Telegram/eiq80vTfK0uEvpSaVkLstXl9YEDfyEgGUyA39bKhe3J3sOM", "content": "", "creation_timestamp": "2026-04-24T09:00:04.000000Z"} https://vulnerability.circl.lu/sighting/eeca493d-39d2-461b-9788-e609d9a41a8b/export Fri, 24 Apr 2026 09:00:04 +0000 https://vulnerability.circl.lu/sighting/0021d796-5f6d-4036-afaa-6f1565f865d5/export {"uuid": "0021d796-5f6d-4036-afaa-6f1565f865d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "published-proof-of-concept", "source": "Telegram/bDRsekGT6KsUOKSAQI-KSXDhypQzzgL-gjqbTcCXe2h_h6A", "content": "", "creation_timestamp": "2026-05-15T21:00:05.000000Z"} {"uuid": "0021d796-5f6d-4036-afaa-6f1565f865d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "published-proof-of-concept", "source": "Telegram/bDRsekGT6KsUOKSAQI-KSXDhypQzzgL-gjqbTcCXe2h_h6A", "content": "", "creation_timestamp": "2026-05-15T21:00:05.000000Z"} https://vulnerability.circl.lu/sighting/0021d796-5f6d-4036-afaa-6f1565f865d5/export Fri, 15 May 2026 21:00:05 +0000 https://vulnerability.circl.lu/sighting/74181123-96eb-4cfb-b823-36bace3b3102/export {"uuid": "74181123-96eb-4cfb-b823-36bace3b3102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://gist.github.com/ishideo/2ef9371157b4cfc12ab0e8d4afc0847b", "content": "# Introduction\n\nThis Gist aims to centralise the most relevant public sources of information related to the [HTTP/2](https://datatracker.ietf.org/doc/html/rfc7540) Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.\n\nPlease help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.\n\n# References\n\n- [CVE-2023-44487](https://cvepremium.circl.lu/cve/CVE-2023-44487), CIRCL CVE Search\n- [How AWS protects customers from DDoS events](https://aws.amazon.com/blogs/security/how-aws-protects-customers-from-ddos-events/), AWS\n- [How it works: The novel HTTP/2 \u2018Rapid Reset\u2019 DDoS attack](https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack), Google\n- [HTTP/2 Rapid Reset: deconstructing the record-breaking attack](https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/), Cloudflare\n- [Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2](https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/), Microsoft \n- Potential mention of a [similar issue in 2018 concerning HAproxy](https://www.mail-archive.com/haproxy@formilux.org/msg44134.html)\n- [RFC7540 - Hypertext Transfer Protocol Version 2 (HTTP/2)](https://datatracker.ietf.org/doc/html/rfc7540)\n- [Security Advisory 2023-074 HTTP/2 Rapid Reset DDoS Vulnerability](https://www.cert.europa.eu/static/SecurityAdvisories/2023/CERT-EU-SA2023-074.pdf), CERT-EU\n- [HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487](https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487), CISA\n- [Using HTTP/3 Stream Limits in HTTP/2](https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html) - IETF draft to backport the HTTP/3 steam limits in HTTP/2\n\n# Vendor advisories and statements\n\n- [Apache Tomcat](https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e) - Fixed in 8.5.94\n- [AWS](https://aws.amazon.com/security/security-bulletins/AWS-2023-011/)\n- [F5](https://www.f5.com/company/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products)\n- [Golang](https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo)\n- [HAPROXY](https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487) - HAProxy is not affected by the HTTP/2 Rapid Reset Attack\n- [Kong](https://konghq.com/blog/product-releases/novel-http2-rapid-reset-ddos-vulnerability-update)\n- [Microsoft IIS](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487)\n- [Microsoft MsQuic](https://github.com/microsoft/msquic/releases/tag/v2.2.3) - Fixed in 2.2.3\n- [Netscaler](https://www.netscaler.com/blog/news/how-to-mitigate-the-http-2-rapid-reset-vulnerability-on-netscaler/)\n- [Nginx](https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/)\n- [nghttp2 library](https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg) - Fixed in 1.57.0\n\n# Testing if HTTP/2 is enabled\n\n## OpenSSL\n\n~~~shell\necho 1 | openssl s_client -alpn h2 -connect google.com:443 -status 2>&1 | grep \"ALPN\"\n~~~\n\n## Nmap\n\n~~~shell\nnmap -p 443 --script=tls-nextprotoneg www.google.com\n~~~\n\n## curl\n\n~~~shell\ncurl -Is --http2-prior-knowledge https://example.com/| head -1\n~~~\n# Testing if it's vulnerable (use at your own risk)\n\n- [Basic vulnerability scanning tool to see if web servers may be vulnerable to CVE-2023-44487](https://github.com/bcdannyboy/CVE-2023-44487)\n- [Rapid Reset Client is a tool for testing mitigations and exposure to CVE-2023-44487 (Rapid Reset DDoS attack vector)](https://github.com/secengjeff/rapidresetclient)\n\n# Potential remediation\n\n### NGINX \n\n## can be configured to mitigate the vulnerability\n\n- Disabling HTTP/2 in NGINX is not necessary. Simply ensure you have configured:\n\n - `keepalive_requests` should be kept at the default setting of 1000 requests\n - `http2_max_concurrent_streams` should be kept at the default setting of 128 streams\n - `limit_conn` and `limit_req` should be set \"with a reasonable setting balancing application performance and security\"\n\n## If you want to remove `http2` support\n\n- Remove reference to `http2` in the listening part\n\n### DDoS protection / CDNs\n\nWeb apps that are behind the following DDoS protection providers / CDNs should not be impacted:\n\n- AWS\n- Cloudflare\n- Google Cloud\n- Microsoft Azure\n", "creation_timestamp": "2026-06-09T03:35:55.000000Z"} {"uuid": "74181123-96eb-4cfb-b823-36bace3b3102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-44487", "type": "seen", "source": "https://gist.github.com/ishideo/2ef9371157b4cfc12ab0e8d4afc0847b", "content": "# Introduction\n\nThis Gist aims to centralise the most relevant public sources of information related to the [HTTP/2](https://datatracker.ietf.org/doc/html/rfc7540) Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.\n\nPlease help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.\n\n# References\n\n- [CVE-2023-44487](https://cvepremium.circl.lu/cve/CVE-2023-44487), CIRCL CVE Search\n- [How AWS protects customers from DDoS events](https://aws.amazon.com/blogs/security/how-aws-protects-customers-from-ddos-events/), AWS\n- [How it works: The novel HTTP/2 \u2018Rapid Reset\u2019 DDoS attack](https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack), Google\n- [HTTP/2 Rapid Reset: deconstructing the record-breaking attack](https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/), Cloudflare\n- [Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2](https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/), Microsoft \n- Potential mention of a [similar issue in 2018 concerning HAproxy](https://www.mail-archive.com/haproxy@formilux.org/msg44134.html)\n- [RFC7540 - Hypertext Transfer Protocol Version 2 (HTTP/2)](https://datatracker.ietf.org/doc/html/rfc7540)\n- [Security Advisory 2023-074 HTTP/2 Rapid Reset DDoS Vulnerability](https://www.cert.europa.eu/static/SecurityAdvisories/2023/CERT-EU-SA2023-074.pdf), CERT-EU\n- [HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487](https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487), CISA\n- [Using HTTP/3 Stream Limits in HTTP/2](https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html) - IETF draft to backport the HTTP/3 steam limits in HTTP/2\n\n# Vendor advisories and statements\n\n- [Apache Tomcat](https://github.com/apache/tomcat/commit/9cdfe25bad707f34b3e5da2994f3f1952a163c3e) - Fixed in 8.5.94\n- [AWS](https://aws.amazon.com/security/security-bulletins/AWS-2023-011/)\n- [F5](https://www.f5.com/company/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products)\n- [Golang](https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo)\n- [HAPROXY](https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487) - HAProxy is not affected by the HTTP/2 Rapid Reset Attack\n- [Kong](https://konghq.com/blog/product-releases/novel-http2-rapid-reset-ddos-vulnerability-update)\n- [Microsoft IIS](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487)\n- [Microsoft MsQuic](https://github.com/microsoft/msquic/releases/tag/v2.2.3) - Fixed in 2.2.3\n- [Netscaler](https://www.netscaler.com/blog/news/how-to-mitigate-the-http-2-rapid-reset-vulnerability-on-netscaler/)\n- [Nginx](https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/)\n- [nghttp2 library](https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg) - Fixed in 1.57.0\n\n# Testing if HTTP/2 is enabled\n\n## OpenSSL\n\n~~~shell\necho 1 | openssl s_client -alpn h2 -connect google.com:443 -status 2>&1 | grep \"ALPN\"\n~~~\n\n## Nmap\n\n~~~shell\nnmap -p 443 --script=tls-nextprotoneg www.google.com\n~~~\n\n## curl\n\n~~~shell\ncurl -Is --http2-prior-knowledge https://example.com/| head -1\n~~~\n# Testing if it's vulnerable (use at your own risk)\n\n- [Basic vulnerability scanning tool to see if web servers may be vulnerable to CVE-2023-44487](https://github.com/bcdannyboy/CVE-2023-44487)\n- [Rapid Reset Client is a tool for testing mitigations and exposure to CVE-2023-44487 (Rapid Reset DDoS attack vector)](https://github.com/secengjeff/rapidresetclient)\n\n# Potential remediation\n\n### NGINX \n\n## can be configured to mitigate the vulnerability\n\n- Disabling HTTP/2 in NGINX is not necessary. Simply ensure you have configured:\n\n - `keepalive_requests` should be kept at the default setting of 1000 requests\n - `http2_max_concurrent_streams` should be kept at the default setting of 128 streams\n - `limit_conn` and `limit_req` should be set \"with a reasonable setting balancing application performance and security\"\n\n## If you want to remove `http2` support\n\n- Remove reference to `http2` in the listening part\n\n### DDoS protection / CDNs\n\nWeb apps that are behind the following DDoS protection providers / CDNs should not be impacted:\n\n- AWS\n- Cloudflare\n- Google Cloud\n- Microsoft Azure\n", "creation_timestamp": "2026-06-09T03:35:55.000000Z"} https://vulnerability.circl.lu/sighting/74181123-96eb-4cfb-b823-36bace3b3102/export Tue, 09 Jun 2026 03:35:55 +0000