Vulnerability

CVE-2023-44487

 Report advisory or correction

CVSS Score 7.5 high

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400

References

https://github.com/eclipse/jetty.project/issues/10679
https://github.com/eclipse/jetty.project/pull/10682
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/

[CVE-2023-44487] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Description

org.eclipse.jetty.http2:jetty-http2-common - Denial of Service (DoS) [CVE-2023-44487] The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.