var-202310-0175
Vulnerability from variot
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Description:
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.
Description:
nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23.
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Description:
IBM Business Automation Manager Open Editions is an open source business process management suite that combines process management and decision service management. It enables business and IT users to create, manage, validate, and deploy process applications and decision services.
IBM Business Automation Manager Open Editions images have been provided for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) and for on-premise or private-cloud deployments.
This release updates the IBM Business Automation Manager Open Editions images to 8.0.4. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4631.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat OpenShift Dev Spaces 3.15.0 release Advisory ID: RHSA-2024:4631-03 Product: Red Hat OpenShift Dev Spaces Advisory URL: https://access.redhat.com/errata/RHSA-2024:4631 Issue date: 2024-07-18 Revision: 03 CVE Names: CVE-2022-3064 ====================================================================
Summary:
Red Hat OpenShift Dev Spaces 3.15 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Description:
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2022-3064
References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces https://access.redhat.com/security/cve/CVE-2022-3064 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-28948 https://access.redhat.com/security/cve/CVE-2022-46175 https://access.redhat.com/security/cve/CVE-2023-6378 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-41080 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/CVE-2023-45288 https://access.redhat.com/security/cve/CVE-2023-45648 https://issues.redhat.com/browse/CRW-6593
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "big-ip ddos hybrid defender", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "visual studio 2022", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "17.6.8" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0.0" }, { "model": "big-ip websafe", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "self node remediation operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip websafe", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "migration toolkit for virtualization", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "openshift sandboxed containers", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "unified contact center enterprise - live data server", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "12.6.2" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip ddos hybrid defender", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "prime cable provisioning", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.2.1" }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "windows 10 22h2", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.19045.3570" }, { "model": "jboss core services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip websafe", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "10.1.0" }, { "model": "grpc", "scope": "gte", "trust": 1.0, "vendor": "grpc", "version": "1.58.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "tomcat", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "9.0.80" }, { "model": "http", "scope": "eq", "trust": 1.0, "vendor": "ietf", "version": "2.0" }, { "model": "openshift pipelines", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip application visibility and reporting", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "10.2\\(7\\)" }, { "model": "tomcat", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "10.1.13" }, { "model": "linkerd", "scope": "eq", "trust": 1.0, "vendor": "linkerd", "version": "2.14.1" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "3scale api management platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "advanced cluster security", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "kong gateway", "scope": "lt", "trust": 1.0, "vendor": "konghq", "version": "3.4.2" }, { "model": "asp.net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "6.0.0" }, { "model": "visual studio 2022", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "17.2.20" }, { "model": "big-ip advanced web application firewall", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "jboss fuse", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0.0" }, { "model": "certification for red hat enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "jetty", "scope": "gte", "trust": 1.0, "vendor": "eclipse", "version": "12.0.0" }, { "model": "windows server 2022", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "9.0.0" }, { "model": "big-ip advanced firewall manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "openshift service mesh", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "windows 10 1809", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.17763.4974" }, { "model": "big-ip ssl orchestrator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "istio", "scope": "gte", "trust": 1.0, "vendor": "istio", "version": "1.18.0" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip carrier-grade nat", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": ".net", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "6.0.23" }, { "model": "firepower threat defense", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.4.2" }, { "model": "ios xr", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "7.11.2" }, { "model": "prime access registrar", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "9.3.3" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "azure kubernetes service", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "2023-10-08" }, { "model": "openresty", "scope": "lt", "trust": 1.0, "vendor": "openresty", "version": "1.21.4.3" }, { "model": "connected mobile experiences", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.1" }, { "model": "big-ip ssl orchestrator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "8.5.0" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "swiftnio http\\/2", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "1.28.0" }, { "model": "asp.net core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "6.0.23" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "nghttp2", "scope": "lt", "trust": 1.0, "vendor": "nghttp2", "version": "1.57.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "jenkins", "scope": "lte", "trust": 1.0, "vendor": "jenkins", "version": "2.414.2" }, { "model": "big-ip carrier-grade nat", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "20.0.0" }, { "model": "big-ip advanced web application firewall", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "nginx ingress controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "3.3.0" }, { "model": "big-ip advanced web application firewall", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip domain name system", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "18.18.2" }, { "model": "traefik", "scope": "lt", "trust": 1.0, "vendor": "traefik", "version": "2.10.5" }, { "model": "astra control center", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "nginx plus", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "r30" }, { "model": "cert-manager operator for red hat openshift", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip application visibility and reporting", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "go", "scope": "lt", "trust": 1.0, "vendor": "golang", "version": "1.21.3" }, { "model": "big-ip websafe", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "jboss data grid", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0.0" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip advanced web application firewall", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "prime infrastructure", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "3.10.4" }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "networking", "scope": "lt", "trust": 1.0, "vendor": "golang", "version": "0.17.0" }, { "model": "apisix", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "3.6.1" }, { "model": "nginx plus", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "r29" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "9.0" }, { "model": "istio", "scope": "lt", "trust": 1.0, "vendor": "istio", "version": "1.18.3" }, { "model": "decision manager", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "secure web appliance", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "15.1.0" }, { "model": "big-ip application visibility and reporting", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "ultra cloud core - policy control function", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2024.01.0" }, { "model": "istio", "scope": "lt", "trust": 1.0, "vendor": "istio", "version": "1.19.1" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "secure malware analytics", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.19.2" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "18.0.0" }, { "model": "node maintenance operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip next service proxy for kubernetes", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.5.0" }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "jenkins", "scope": "lte", "trust": 1.0, "vendor": "jenkins", "version": "2.427" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "secure dynamic attributes connector", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2.2.0" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "opensearch data prepper", "scope": "lt", "trust": 1.0, "vendor": "amazon", "version": "2.5.0" }, { "model": "ultra cloud core - policy control function", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "2024.01.0" }, { "model": "big-ip carrier-grade nat", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip carrier-grade nat", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "node healthcheck operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "visual studio 2022", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "17.7" }, { "model": "integration camel k", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "openshift distributed tracing", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "asp.net core", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "7.0.0" }, { "model": "service interconnect", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "openshift container platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "big-ip ddos hybrid defender", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "run once duration override operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "jetty", "scope": "lt", "trust": 1.0, "vendor": "eclipse", "version": "9.4.53" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "prime network registrar", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "11.2" }, { "model": "big-ip websafe", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "unified contact center domain manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "process automation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "11.0.0" }, { "model": "nginx ingress controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "2.4.2" }, { "model": "big-ip ddos hybrid defender", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "traffic server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "9.2.3" }, { "model": "big-ip websafe", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip carrier-grade nat", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "jetty", "scope": "gte", "trust": 1.0, "vendor": "eclipse", "version": "10.0.0" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "openshift api for data protection", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "crosswork data gateway", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.1.3" }, { "model": "support for spring boot", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip ssl orchestrator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "nx-os", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "10.3\\(5\\)" }, { "model": "armeria", "scope": "lt", "trust": 1.0, "vendor": "linecorp", "version": "1.26.0" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "visual studio 2022", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "17.4.12" }, { "model": "big-ip link controller", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "38" }, { "model": "traefik", "scope": "eq", "trust": 1.0, "vendor": "traefik", "version": "3.0.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "grpc", "scope": "lt", "trust": 1.0, "vendor": "grpc", "version": "1.58.3" }, { "model": "openshift gitops", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "crosswork data gateway", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "5.0" }, { "model": "caddy", "scope": "lt", "trust": 1.0, "vendor": "caddyserver", "version": "2.7.5" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "8.0.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "istio", "scope": "lt", "trust": 1.0, "vendor": "istio", "version": "1.17.6" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "ios xe", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "17.15.1" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip ddos hybrid defender", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip ddos hybrid defender", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip access policy manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "openshift serverless", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip websafe", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip websafe", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "nginx plus", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "r25" }, { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "6.0.0" }, { "model": "big-ip application visibility and reporting", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "varnish cache", "scope": "lt", "trust": 1.0, "vendor": "varnish cache", "version": "2023-10-10" }, { "model": "jetty", "scope": "gte", "trust": 1.0, "vendor": "eclipse", "version": "11.0.0" }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "20.8.1" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "crosswork zero touch provisioning", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "6.0.0" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "satellite", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "akka", "version": "10.5.3" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip application security manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip application acceleration manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip next", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "20.0.1" }, { "model": "openshift secondary scheduler operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "ultra cloud core - session management function", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2024.02.0" }, { "model": "big-ip ddos hybrid defender", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "nginx ingress controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "3.0.0" }, { "model": "iot field network director", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "4.11.0" }, { "model": "big-ip ssl orchestrator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "go", "scope": "gte", "trust": 1.0, "vendor": "golang", "version": "1.21.0" }, { "model": "http2", "scope": "lt", "trust": 1.0, "vendor": "golang", "version": "0.17.0" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "machine deletion remediation operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "openshift", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "build of optaplanner", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "37" }, { "model": "jetty", "scope": "lt", "trust": 1.0, "vendor": "eclipse", "version": "10.0.17" }, { "model": "big-ip advanced web application firewall", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "envoy", "scope": "eq", "trust": 1.0, "vendor": "envoyproxy", "version": "1.25.9" }, { "model": "big-ip fraud protection service", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "jetty", "scope": "lt", "trust": 1.0, "vendor": "eclipse", "version": "12.0.2" }, { "model": "h2o", "scope": "lt", "trust": 1.0, "vendor": "dena", "version": "2023-10-10" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0.0" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip carrier-grade nat", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "openstack platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "17.1" }, { "model": "linkerd", "scope": "eq", "trust": 1.0, "vendor": "linkerd", "version": "2.13.1" }, { "model": "cbl-mariner", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "2023-10-11" }, { "model": "grpc", "scope": "lt", "trust": 1.0, "vendor": "grpc", "version": "1.56.3" }, { "model": "big-ip advanced web application firewall", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "visual studio 2022", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "17.0" }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "windows 11 22h2", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.22621.2428" }, { "model": "visual studio 2022", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "17.7.5" }, { "model": "big-ip carrier-grade nat", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "envoy", "scope": "eq", "trust": 1.0, "vendor": "envoyproxy", "version": "1.26.4" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip ssl orchestrator", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "http2", "scope": "lt", "trust": 1.0, "vendor": "kazu yamamoto", "version": "4.2.2" }, { "model": "jetty", "scope": "lt", "trust": 1.0, "vendor": "eclipse", "version": "11.0.17" }, { "model": "nginx plus", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "r29" }, { "model": "linkerd", "scope": "gte", "trust": 1.0, "vendor": "linkerd", "version": "2.12.0" }, { "model": "cost management", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "solr", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "9.4.0" }, { "model": "traffic server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "8.1.9" }, { "model": "contour", "scope": "lt", "trust": 1.0, "vendor": "projectcontour", "version": "2023-10-11" }, { "model": "telepresence video communication server", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "x14.3.3" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "integration camel for spring boot", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "windows 10 21h2", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.19044.3570" }, { "model": "fence agents remediation operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "ultra cloud core - serving gateway function", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "2024.02.0" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "linkerd", "scope": "eq", "trust": 1.0, "vendor": "linkerd", "version": "2.14.0" }, { "model": "integration service registry", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "openstack platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "16.2" }, { "model": "openshift virtualization", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4" }, { "model": "big-ip carrier-grade nat", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "openshift dev spaces", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "logging subsystem for red hat openshift", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "netty", "scope": "lt", "trust": 1.0, "vendor": "netty", "version": "4.1.100" }, { "model": "openshift data science", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "big-ip application visibility and reporting", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "windows server 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "big-ip application visibility and reporting", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "go", "scope": "lt", "trust": 1.0, "vendor": "golang", "version": "1.20.10" }, { "model": "fog director", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "1.22" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "linkerd", "scope": "lte", "trust": 1.0, "vendor": "linkerd", "version": "2.12.5" }, { "model": "big-ip next service proxy for kubernetes", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.8.2" }, { "model": ".net", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "7.0.12" }, { "model": "nx-os", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "10.3\\(1\\)" }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "tomcat", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "9.0.0" }, { "model": "single sign-on", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openshift developer tools and services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "proxygen", "scope": "lt", "trust": 1.0, "vendor": "facebook", "version": "2023.10.16.00" }, { "model": "big-ip global traffic manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "expressway", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "x14.3.3" }, { "model": "big-ip advanced web application firewall", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip advanced web application firewall", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip policy enforcement manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "windows 10 1607", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.14393.6351" }, { "model": "jboss fuse", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0.0" }, { "model": "asp.net core", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "7.0.12" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "12.0" }, { "model": "data center network manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "cryostat", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "big-ip application visibility and reporting", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "tomcat", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "8.5.93" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "build of quarkus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "visual studio 2022", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "17.6" }, { "model": "big-ip ddos hybrid defender", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "jboss a-mq streams", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "web terminal", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "unified contact center management portal", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "visual studio 2022", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "17.4" }, { "model": "migration toolkit for applications", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "quay", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0.0" }, { "model": "big-ip ssl orchestrator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "envoy", "scope": "eq", "trust": 1.0, "vendor": "envoyproxy", "version": "1.24.10" }, { "model": "big-ip ssl orchestrator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip ssl orchestrator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip websafe", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "migration toolkit for containers", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "windows 11 21h2", "scope": "lt", "trust": 1.0, "vendor": "microsoft", "version": "10.0.22000.2538" }, { "model": ".net", "scope": "gte", "trust": 1.0, "vendor": "microsoft", "version": "7.0.0" }, { "model": "nginx", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "1.9.5" }, { "model": "certification for red hat enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "9.0" }, { "model": "big-ip advanced web application firewall", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "service telemetry framework", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.5" }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "17.1.0" }, { "model": "jboss a-mq", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7" }, { "model": "enterprise chat and email", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "network observability operator", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "openstack platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "16.1" }, { "model": "nginx", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "1.25.2" }, { "model": "advanced cluster management for kubernetes", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "ansible automation platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.0" }, { "model": "grpc", "scope": "eq", "trust": 1.0, "vendor": "grpc", "version": "1.57.0" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.10" }, { "model": "advanced cluster security", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0" }, { "model": "big-ip ssl orchestrator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "nginx ingress controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "2.0.0" }, { "model": "grpc", "scope": "lte", "trust": 1.0, "vendor": "grpc", "version": "1.59.2" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "istio", "scope": "gte", "trust": 1.0, "vendor": "istio", "version": "1.19.0" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "16.1.4" }, { "model": "envoy", "scope": "eq", "trust": 1.0, "vendor": "envoyproxy", "version": "1.27.0" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "openshift container platform assisted installer", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "linkerd", "scope": "eq", "trust": 1.0, "vendor": "linkerd", "version": "2.13.0" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.5" }, { "model": "big-ip application visibility and reporting", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.1.0" }, { "model": "big-ip application visibility and reporting", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.5" }, { "model": "big-ip carrier-grade nat", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "ceph storage", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "big-ip ddos hybrid defender", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "16.1.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-44487" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "175289" }, { "db": "PACKETSTORM", "id": "175389" }, { "db": "PACKETSTORM", "id": "175376" }, { "db": "PACKETSTORM", "id": "175127" }, { "db": "PACKETSTORM", "id": "175179" }, { "db": "PACKETSTORM", "id": "175159" }, { "db": "PACKETSTORM", "id": "176006" }, { "db": "PACKETSTORM", "id": "179610" } ], "trust": 0.8 }, "cve": "CVE-2023-44487", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2023-44487", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2023-44487", "trust": 1.0, "value": "HIGH" }, { "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "id": "CVE-2023-44487", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-44487" }, { "db": "NVD", "id": "CVE-2023-44487" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. \n\n\n\n\nDescription:\n\nVarnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up. \n\n\n\n\nDescription:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. \n\n\n\n\nDescription:\n\nnghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. \n\n\n\n\nDescription:\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\n\n\nDescription:\n\nIBM Business Automation Manager Open Editions is an open source business process management suite that combines process management and decision service management. It enables business and IT users to create, manage, validate, and deploy process applications and decision services. \n\nIBM Business Automation Manager Open Editions images have been provided for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) and for on-premise or private-cloud deployments. \n\nThis release updates the IBM Business Automation Manager Open Editions images to 8.0.4. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4631.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat OpenShift Dev Spaces 3.15.0 release\nAdvisory ID: RHSA-2024:4631-03\nProduct: Red Hat OpenShift Dev Spaces\nAdvisory URL: https://access.redhat.com/errata/RHSA-2024:4631\nIssue date: 2024-07-18\nRevision: 03\nCVE Names: CVE-2022-3064\n====================================================================\n\nSummary: \n\nRed Hat OpenShift Dev Spaces 3.15 has been released. \n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes. \n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section. \n\n\n\n\nDescription:\n\nRed Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. \n\nThe 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2. \n\nUsers still using the v1 standard should migrate as soon as possible. \n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw\n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2022-3064\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces\nhttps://access.redhat.com/security/cve/CVE-2022-3064\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-28948\nhttps://access.redhat.com/security/cve/CVE-2022-46175\nhttps://access.redhat.com/security/cve/CVE-2023-6378\nhttps://access.redhat.com/security/cve/CVE-2023-39325\nhttps://access.redhat.com/security/cve/CVE-2023-41080\nhttps://access.redhat.com/security/cve/CVE-2023-44487\nhttps://access.redhat.com/security/cve/CVE-2023-45288\nhttps://access.redhat.com/security/cve/CVE-2023-45648\nhttps://issues.redhat.com/browse/CRW-6593\n\n", "sources": [ { "db": "NVD", "id": "CVE-2023-44487" }, { "db": "PACKETSTORM", "id": "175289" }, { "db": "PACKETSTORM", "id": "175389" }, { "db": "PACKETSTORM", "id": "175376" }, { "db": "PACKETSTORM", "id": "175127" }, { "db": "PACKETSTORM", "id": "175179" }, { "db": "PACKETSTORM", "id": "175159" }, { "db": "PACKETSTORM", "id": "176006" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "PACKETSTORM", "id": "179610" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-44487", "trust": 1.9 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/13/4", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/18/8", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/13/9", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/20/8", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/10/6", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/18/4", "trust": 1.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2023/10/19/6", "trust": 1.0 }, { "db": "PACKETSTORM", "id": "175289", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175389", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175376", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175127", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175179", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "175159", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "176006", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "178284", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "179610", "trust": 0.1 } ], "sources": [ { "db": "PACKETSTORM", "id": "175289" }, { "db": "PACKETSTORM", "id": "175389" }, { "db": "PACKETSTORM", "id": "175376" }, { "db": "PACKETSTORM", "id": "175127" }, { "db": "PACKETSTORM", "id": "175179" }, { "db": "PACKETSTORM", "id": "175159" }, { "db": "PACKETSTORM", "id": "176006" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "PACKETSTORM", "id": "179610" }, { "db": "NVD", "id": "CVE-2023-44487" } ] }, "id": "VAR-202310-0175", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38473925200000003 }, "last_update_date": "2024-11-29T20:21:59.333000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-400", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-44487" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "trust": 1.1, "url": "https://access.redhat.com/security/cve/cve-2023-44487" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6" }, { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8" }, { "trust": 1.0, "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/" }, { "trust": 1.0, "url": "https://aws.amazon.com/security/security-bulletins/aws-2023-011/" }, { "trust": 1.0, "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/" }, { "trust": 1.0, "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/" }, { "trust": 1.0, "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/" }, { "trust": 1.0, "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack" }, { "trust": 1.0, "url": "https://blog.vespa.ai/cve-2023-44487/" }, { "trust": 1.0, "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988" }, { "trust": 1.0, "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123" }, { "trust": 1.0, "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9" }, { "trust": 1.0, "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/" }, { "trust": 1.0, "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack" }, { "trust": 1.0, "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125" }, { "trust": 1.0, "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715" }, { "trust": 1.0, "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve" }, { "trust": 1.0, "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764" }, { "trust": 1.0, "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088" }, { "trust": 1.0, "url": "https://github.com/azure/aks/issues/3947" }, { "trust": 1.0, "url": "https://github.com/kong/kong/discussions/11741" }, { "trust": 1.0, "url": "https://github.com/advisories/ghsa-qppj-fm5r-hxr3" }, { "trust": 1.0, "url": "https://github.com/advisories/ghsa-vx74-f528-fxqg" }, { "trust": 1.0, "url": "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p" }, { "trust": 1.0, "url": "https://github.com/akka/akka-http/issues/4323" }, { "trust": 1.0, "url": "https://github.com/alibaba/tengine/issues/1872" }, { "trust": 1.0, "url": "https://github.com/apache/apisix/issues/10320" }, { "trust": 1.0, "url": "https://github.com/apache/httpd-site/pull/10" }, { "trust": 1.0, "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113" }, { "trust": 1.0, "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2" }, { "trust": 1.0, "url": "https://github.com/apache/trafficserver/pull/10564" }, { "trust": 1.0, "url": "https://github.com/arkrwn/poc/tree/main/cve-2023-44487" }, { "trust": 1.0, "url": "https://github.com/bcdannyboy/cve-2023-44487" }, { "trust": 1.0, "url": "https://github.com/caddyserver/caddy/issues/5877" }, { "trust": 1.0, "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5" }, { "trust": 1.0, "url": "https://github.com/dotnet/announcements/issues/277" }, { "trust": 1.0, "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73" }, { "trust": 1.0, "url": "https://github.com/eclipse/jetty.project/issues/10679" }, { "trust": 1.0, "url": "https://github.com/envoyproxy/envoy/pull/30055" }, { "trust": 1.0, "url": "https://github.com/etcd-io/etcd/issues/16740" }, { "trust": 1.0, "url": "https://github.com/facebook/proxygen/pull/466" }, { "trust": 1.0, "url": "https://github.com/golang/go/issues/63417" }, { "trust": 1.0, "url": "https://github.com/grpc/grpc-go/pull/6703" }, { "trust": 1.0, "url": "https://github.com/h2o/h2o/pull/3291" }, { "trust": 1.0, "url": "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf" }, { "trust": 1.0, "url": "https://github.com/haproxy/haproxy/issues/2312" }, { "trust": 1.0, "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244" }, { "trust": 1.0, "url": "https://github.com/junkurihara/rust-rpxy/issues/97" }, { "trust": 1.0, "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1" }, { "trust": 1.0, "url": "https://github.com/kazu-yamamoto/http2/issues/93" }, { "trust": 1.0, "url": "https://github.com/kubernetes/kubernetes/pull/121120" }, { "trust": 1.0, "url": "https://github.com/line/armeria/pull/5232" }, { "trust": 1.0, "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632" }, { "trust": 1.0, "url": "https://github.com/micrictor/http2-rst-stream" }, { "trust": 1.0, "url": "https://github.com/microsoft/cbl-mariner/pull/6381" }, { "trust": 1.0, "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61" }, { "trust": 1.0, "url": "https://github.com/nghttp2/nghttp2/pull/1961" }, { "trust": 1.0, "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0" }, { "trust": 1.0, "url": "https://github.com/ninenines/cowboy/issues/1615" }, { "trust": 1.0, "url": "https://github.com/nodejs/node/pull/50121" }, { "trust": 1.0, "url": "https://github.com/openresty/openresty/issues/930" }, { "trust": 1.0, "url": "https://github.com/opensearch-project/data-prepper/issues/3474" }, { "trust": 1.0, "url": "https://github.com/oqtane/oqtane.framework/discussions/3367" }, { "trust": 1.0, "url": "https://github.com/projectcontour/contour/pull/5826" }, { "trust": 1.0, "url": "https://github.com/tempesta-tech/tempesta/issues/1986" }, { "trust": 1.0, "url": "https://github.com/varnishcache/varnish-cache/issues/3996" }, { "trust": 1.0, "url": "https://groups.google.com/g/golang-announce/c/innxdtcjzvo" }, { "trust": 1.0, "url": "https://istio.io/latest/news/security/istio-security-2023-004/" }, { "trust": 1.0, "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/" }, { "trust": 1.0, "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html" }, { "trust": 1.0, "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/" }, { "trust": 1.0, "url": "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html" }, { "trust": 1.0, "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html" }, { "trust": 1.0, "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html" }, { "trust": 1.0, "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/" }, { "trust": 1.0, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487" }, { "trust": 1.0, "url": "https://my.f5.com/manage/s/article/k000137106" }, { "trust": 1.0, "url": "https://netty.io/news/2023/10/10/4-1-100-final.html" }, { "trust": 1.0, "url": "https://news.ycombinator.com/item?id=37830987" }, { "trust": 1.0, "url": "https://news.ycombinator.com/item?id=37830998" }, { "trust": 1.0, "url": "https://news.ycombinator.com/item?id=37831062" }, { "trust": 1.0, "url": "https://news.ycombinator.com/item?id=37837043" }, { "trust": 1.0, "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/" }, { "trust": 1.0, "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected" }, { "trust": 1.0, "url": "https://security.gentoo.org/glsa/202311-09" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20231016-0001/" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240426-0007/" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" }, { "trust": 1.0, "url": "https://security.paloaltonetworks.com/cve-2023-44487" }, { "trust": 1.0, "url": "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14" }, { "trust": 1.0, "url": "https://ubuntu.com/security/cve-2023-44487" }, { "trust": 1.0, "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" }, { "trust": 1.0, "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "trust": 1.0, "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5521" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5522" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5540" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5549" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5558" }, { "trust": 1.0, "url": "https://www.debian.org/security/2023/dsa-5570" }, { "trust": 1.0, "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487" }, { "trust": 1.0, "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/" }, { "trust": 1.0, "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "trust": 1.0, "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6" }, { "trust": 1.0, "url": "https://www.phoronix.com/news/http2-rapid-reset-attack" }, { "trust": 1.0, "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487" }, { "trust": 0.7, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6020.json" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:6020" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6022.json" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:6022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6105.json" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:6105" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5767.json" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:5767" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:5840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5840.json" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:5707" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5707.json" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7587.json" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2023:7587" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-6754-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2024:4631" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-28948" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-45648" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3064" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-46175" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-41080" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-39325" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-45288" }, { "trust": 0.1, "url": "https://issues.redhat.com/browse/crw-6593" }, { "trust": 0.1, "url": "https://access.redhat.com/support/policy/updates/openshift#crw" }, { "trust": 0.1, "url": "https://devfile.io/docs/2.2.0/migrating-to-devfile-v2" }, { "trust": 0.1, "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4631.json" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21698" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-3064" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2023-6378" } ], "sources": [ { "db": "PACKETSTORM", "id": "175289" }, { "db": "PACKETSTORM", "id": "175389" }, { "db": "PACKETSTORM", "id": "175376" }, { "db": "PACKETSTORM", "id": "175127" }, { "db": "PACKETSTORM", "id": "175179" }, { "db": "PACKETSTORM", "id": "175159" }, { "db": "PACKETSTORM", "id": "176006" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "PACKETSTORM", "id": "179610" }, { "db": "NVD", "id": "CVE-2023-44487" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "PACKETSTORM", "id": "175289" }, { "db": "PACKETSTORM", "id": "175389" }, { "db": "PACKETSTORM", "id": "175376" }, { "db": "PACKETSTORM", "id": "175127" }, { "db": "PACKETSTORM", "id": "175179" }, { "db": "PACKETSTORM", "id": "175159" }, { "db": "PACKETSTORM", "id": "176006" }, { "db": "PACKETSTORM", "id": "178284" }, { "db": "PACKETSTORM", "id": "179610" }, { "db": "NVD", "id": "CVE-2023-44487" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-10-24T15:51:35", "db": "PACKETSTORM", "id": "175289" }, { "date": "2023-10-30T12:35:16", "db": "PACKETSTORM", "id": "175389" }, { "date": "2023-10-27T12:55:12", "db": "PACKETSTORM", "id": "175376" }, { "date": "2023-10-17T15:40:07", "db": "PACKETSTORM", "id": "175127" }, { "date": "2023-10-18T16:28:09", "db": "PACKETSTORM", "id": "175179" }, { "date": "2023-10-18T16:22:55", "db": "PACKETSTORM", "id": "175159" }, { "date": "2023-11-30T12:38:58", "db": "PACKETSTORM", "id": "176006" }, { "date": "2024-04-26T15:13:40", "db": "PACKETSTORM", "id": "178284" }, { "date": "2024-07-19T13:36:35", "db": "PACKETSTORM", "id": "179610" }, { "date": "2023-10-10T14:15:10.883000", "db": "NVD", "id": "CVE-2023-44487" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-08-14T19:57:18.860000", "db": "NVD", "id": "CVE-2023-44487" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "178284" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2023-6020-01", "sources": [ { "db": "PACKETSTORM", "id": "175289" } ], "trust": 0.1 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.