CVE-2023-44487

high KEV

Published 2023-11-07 · Modified 2023-10-10

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

10.0

Description

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CISA KEV

Vendor: IETF
Product: HTTP/2
Due date: 2023-10-31

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

{Vendor advisory: cisa-kev — This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487}

Mitigation details

Source: GitHub Security Advisory · View original ↗ · CC-BY-4.0

<h3>HTTP/2 Stream Cancellation Attack</h3> HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect…

<h3>HTTP/2 Stream Cancellation Attack</h3>

HTTP/2 Rapid reset attack

The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed.

Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open.

The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately.

The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth.

In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client.

Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows.

swift-nio-http2 specific advisory

swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress.

swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.

Apply commands

bash fix

Upgrade org.apache.tomcat:tomcat-coyote to 8.5.94

# Update org.apache.tomcat:tomcat-coyote to 8.5.94 in pom.xml

Affected

Vendor	Product	Version
maven	org.apache.tomcat:tomcat-coyote	`>= 8.5.0, < 8.5.94`
maven	org.apache.tomcat:tomcat-coyote	`>= 9.0.0, < 9.0.81`
maven	org.apache.tomcat:tomcat-coyote	`>= 10.0.0, < 10.1.14`
maven	org.apache.tomcat:tomcat-coyote	`>= 11.0.0-M1, < 11.0.0-M12`
maven	com.typesafe.akka:akka-http-core_2.11	`<= 10.1.15`
maven	com.typesafe.akka:akka-http-core_2.12	`< 10.5.3`
maven	com.typesafe.akka:akka-http-core_2.13	`< 10.5.3`
maven	com.typesafe.akka:akka-http-core	`< 10.5.3`
maven	org.eclipse.jetty.http2:jetty-http2-server	`>= 12.0.0, < 12.0.2`
maven	org.eclipse.jetty.http2:jetty-http2-common	`>= 12.0.0, < 12.0.2`
maven	org.eclipse.jetty.http2:http2-server	`>= 11.0.0, < 11.0.17`
maven	org.eclipse.jetty.http2:http2-server	`>= 10.0.0, < 10.0.17`
maven	org.eclipse.jetty.http2:http2-server	`>= 9.3.0, < 9.4.53`
maven	org.eclipse.jetty.http2:http2-common	`>= 11.0.0, < 11.0.17`
maven	org.eclipse.jetty.http2:http2-common	`>= 10.0.0, < 10.0.17`
maven	org.eclipse.jetty.http2:http2-common	`>= 9.3.0, < 9.4.53`
swift	github.com/apple/swift-nio-http2	`< 1.28.0`
maven	org.apache.tomcat.embed:tomcat-embed-core	`>= 8.5.0, < 8.5.94`
maven	org.apache.tomcat.embed:tomcat-embed-core	`>= 9.0.0, < 9.0.81`
maven	org.apache.tomcat.embed:tomcat-embed-core	`>= 10.0.0, < 10.1.14`
maven	org.apache.tomcat.embed:tomcat-embed-core	`>= 11.0.0-M1, < 11.0.0-M12`
go	golang.org/x/net	`< 0.17.0`

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-52426 remote multiple

Madhusudhan Rajappa · 2025-09-16

HTTP/2 2.0 - Denial Of Service (DOS)

Source code queued for fetch — refresh in a moment.

OS impact

Fedora Affected 2 releases

Version	Status	Fixed in
38	Affected	—
37	Affected	—

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Windows Affected 1 release

Version	Status	Fixed in
-	Affected	—

Debian Mixed 8 releases

Version	Status	Fixed in
trixie	Fixed	`1.8.2-2`
sid	Fixed	`1.8.2-2`
forky	Fixed	`1.8.2-2`
bullseye	Fixed	`1.8.13-1`
bookworm	Fixed	`1.8.13-1`
12.0	Affected	—
11.0	Affected	—
10.0	Affected	—

Red Hat Mixed 5 releases

Version	Status	Fixed in
9.0	Affected	—
9	Fixed	—
8.0	Affected	—
8	Fixed	—
6.0	Affected	—

AlmaLinux Fixed 1 release

Version	Status	Fixed in
9	Fixed	`nginx-core-1.20.1-14.el9_2.1.alma.1.aarch64.rpm`

Rocky Linux Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

Package impact

Ecosystem	Package	Vulnerable	Fixed
SwiftURL	github.com/apple/swift-nio-http2	`<1.28.0`	`1.28.0`
Go	golang.org/x/net	`<0.17.0`	`0.17.0`
Maven	org.apache.tomcat:tomcat-coyote	`>=11.0.0-M1,<11.0.0-M12`	`11.0.0-M12`
Maven	org.apache.tomcat:tomcat-coyote	`>=10.0.0,<10.1.14`	`10.1.14`
Maven	org.apache.tomcat:tomcat-coyote	`>=9.0.0,<9.0.81`	`9.0.81`
Maven	org.apache.tomcat:tomcat-coyote	`>=8.5.0,<8.5.94`	`8.5.94`
Maven	org.apache.tomcat.embed:tomcat-embed-core	`>=11.0.0-M1,<11.0.0-M12`	`11.0.0-M12`
Maven	org.apache.tomcat.embed:tomcat-embed-core	`>=10.0.0,<10.1.14`	`10.1.14`
Maven	org.apache.tomcat.embed:tomcat-embed-core	`>=9.0.0,<9.0.81`	`9.0.81`
Maven	org.apache.tomcat.embed:tomcat-embed-core	`>=8.5.0,<8.5.94`	`8.5.94`
Maven	org.eclipse.jetty.http2:http2-common	`>=9.3.0,<9.4.53`	`9.4.53`
Maven	org.eclipse.jetty.http2:http2-common	`>=10.0.0,<10.0.17`	`10.0.17`
Maven	org.eclipse.jetty.http2:http2-common	`>=11.0.0,<11.0.17`	`11.0.17`
Maven	org.eclipse.jetty.http2:http2-server	`>=9.3.0,<9.4.53`	`9.4.53`
Maven	org.eclipse.jetty.http2:http2-server	`>=10.0.0,<10.0.17`	`10.0.17`
Maven	org.eclipse.jetty.http2:http2-server	`>=11.0.0,<11.0.17`	`11.0.17`
Maven	org.eclipse.jetty.http2:jetty-http2-common	`>=12.0.0,<12.0.2`	`12.0.2`
Maven	org.eclipse.jetty.http2:jetty-http2-server	`>=12.0.0,<12.0.2`	`12.0.2`
Maven	com.typesafe.akka:akka-http-core	`<10.5.3`	`10.5.3`
Maven	com.typesafe.akka:akka-http-core_2.13	`<10.5.3`	`10.5.3`
Maven	com.typesafe.akka:akka-http-core_2.12	`<10.5.3`	`10.5.3`
Maven	com.typesafe.akka:akka-http-core_2.11	`<=10.1.15`
MAVEN	org.apache.tomcat:tomcat-coyote	`>= 8.5.0, < 8.5.94`	`8.5.94`
MAVEN	org.apache.tomcat:tomcat-coyote	`>= 9.0.0, < 9.0.81`	`9.0.81`
MAVEN	org.apache.tomcat:tomcat-coyote	`>= 10.0.0, < 10.1.14`	`10.1.14`
MAVEN	org.apache.tomcat:tomcat-coyote	`>= 11.0.0-M1, < 11.0.0-M12`	`11.0.0-M12`
MAVEN	com.typesafe.akka:akka-http-core_2.11	`<= 10.1.15`
MAVEN	com.typesafe.akka:akka-http-core_2.12	`< 10.5.3`	`10.5.3`
MAVEN	com.typesafe.akka:akka-http-core_2.13	`< 10.5.3`	`10.5.3`
MAVEN	com.typesafe.akka:akka-http-core	`< 10.5.3`	`10.5.3`
MAVEN	org.eclipse.jetty.http2:jetty-http2-server	`>= 12.0.0, < 12.0.2`	`12.0.2`
MAVEN	org.eclipse.jetty.http2:jetty-http2-common	`>= 12.0.0, < 12.0.2`	`12.0.2`
MAVEN	org.eclipse.jetty.http2:http2-server	`>= 11.0.0, < 11.0.17`	`11.0.17`
MAVEN	org.eclipse.jetty.http2:http2-server	`>= 10.0.0, < 10.0.17`	`10.0.17`
MAVEN	org.eclipse.jetty.http2:http2-server	`>= 9.3.0, < 9.4.53`	`9.4.53`
MAVEN	org.eclipse.jetty.http2:http2-common	`>= 11.0.0, < 11.0.17`	`11.0.17`
MAVEN	org.eclipse.jetty.http2:http2-common	`>= 10.0.0, < 10.0.17`	`10.0.17`
MAVEN	org.eclipse.jetty.http2:http2-common	`>= 9.3.0, < 9.4.53`	`9.4.53`
SWIFT	github.com/apple/swift-nio-http2	`< 1.28.0`	`1.28.0`
MAVEN	org.apache.tomcat.embed:tomcat-embed-core	`>= 8.5.0, < 8.5.94`	`8.5.94`
MAVEN	org.apache.tomcat.embed:tomcat-embed-core	`>= 9.0.0, < 9.0.81`	`9.0.81`
MAVEN	org.apache.tomcat.embed:tomcat-embed-core	`>= 10.0.0, < 10.1.14`	`10.1.14`
MAVEN	org.apache.tomcat.embed:tomcat-embed-core	`>= 11.0.0-M1, < 11.0.0-M12`	`11.0.0-M12`
GO	golang.org/x/net	`< 0.17.0`	`0.17.0`

Application impact

Vendor	Product	Versions	Fixed
siemens	sinec_ins	`{"endExcluding":"1.0"}`	`1.0`
siemens	sinec_ins	`1.0`
siemens	sinec_nms	`{"endExcluding":"3.0"}`	`3.0`
siemens	st7_scadaconnect	`{"endExcluding":"1.1"}`	`1.1`
ietf	http	`2.0`
nghttp2	nghttp2	`{"endExcluding":"1.57.0"}`	`1.57.0`
netty	netty	`{"endExcluding":"4.1.100"}`	`4.1.100`
envoyproxy	envoy	`1.24.10`
envoyproxy	envoy	`1.25.9`
envoyproxy	envoy	`1.26.4`
envoyproxy	envoy	`1.27.0`
eclipse	jetty	`{"endExcluding":"9.4.53"}`	`9.4.53`
caddyserver	caddy	`{"endExcluding":"2.7.5"}`	`2.7.5`
golang	go	`{"endExcluding":"1.20.10"}`	`1.20.10`
golang	http2	`{"endExcluding":"0.17.0"}`	`0.17.0`
golang	networking	`{"endExcluding":"0.17.0"}`	`0.17.0`
f5	big-ip_access_policy_manager	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_access_policy_manager	`17.1.0`
f5	big-ip_advanced_firewall_manager	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_advanced_firewall_manager	`17.1.0`
f5	big-ip_advanced_web_application_firewall	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_advanced_web_application_firewall	`17.1.0`
f5	big-ip_analytics	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_analytics	`17.1.0`
f5	big-ip_application_acceleration_manager	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_application_acceleration_manager	`17.1.0`
f5	big-ip_application_security_manager	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_application_security_manager	`17.1.0`
f5	big-ip_application_visibility_and_reporting	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_application_visibility_and_reporting	`17.1.0`
f5	big-ip_carrier-grade_nat	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_carrier-grade_nat	`17.1.0`
f5	big-ip_ddos_hybrid_defender	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_ddos_hybrid_defender	`17.1.0`
f5	big-ip_domain_name_system	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_domain_name_system	`17.1.0`
f5	big-ip_fraud_protection_service	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_fraud_protection_service	`17.1.0`
f5	big-ip_global_traffic_manager	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_global_traffic_manager	`17.1.0`
f5	big-ip_link_controller	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_link_controller	`17.1.0`
f5	big-ip_local_traffic_manager	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_local_traffic_manager	`17.1.0`
f5	big-ip_next	`20.0.1`
f5	big-ip_next_service_proxy_for_kubernetes	`{"startIncluding":"1.5.0","endIncluding":"1.8.2"}`
f5	big-ip_policy_enforcement_manager	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_policy_enforcement_manager	`17.1.0`
f5	big-ip_ssl_orchestrator	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_ssl_orchestrator	`17.1.0`
f5	big-ip_webaccelerator	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_webaccelerator	`17.1.0`
f5	big-ip_websafe	`{"startIncluding":"13.1.0","endIncluding":"13.1.5"}`
f5	big-ip_websafe	`17.1.0`
f5	nginx	`{"startIncluding":"1.9.5","endIncluding":"1.25.2"}`
f5	nginx_ingress_controller	`{"startIncluding":"2.0.0","endIncluding":"2.4.2"}`
f5	nginx_plus	`{"startIncluding":"r25","endExcluding":"r29"}`	`r29`
f5	nginx_plus	`r29`
f5	nginx_plus	`r30`
apache	tomcat	`{"startIncluding":"8.5.0","endIncluding":"8.5.93"}`
apache	tomcat	`11.0.0`
apple	swiftnio_http\/2	`{"endExcluding":"1.28.0"}`	`1.28.0`
grpc	grpc	`{"endExcluding":"1.56.3"}`	`1.56.3`
grpc	grpc	`1.57.0`
microsoft	.net	`{"startIncluding":"6.0.0","endExcluding":"6.0.23"}`	`6.0.23`
microsoft	asp.net_core	`{"startIncluding":"6.0.0","endExcluding":"6.0.23"}`	`6.0.23`
microsoft	azure_kubernetes_service	`{"endExcluding":"2023-10-08"}`	`2023-10-08`
microsoft	visual_studio_2022	`{"startIncluding":"17.0","endExcluding":"17.2.20"}`	`17.2.20`
nodejs	node.js	`{"startIncluding":"18.0.0","endExcluding":"18.18.2"}`	`18.18.2`
microsoft	cbl-mariner	`{"endExcluding":"2023-10-11"}`	`2023-10-11`
dena	h2o	`{"endExcluding":"2023-10-10"}`	`2023-10-10`
facebook	proxygen	`{"endExcluding":"2023.10.16.00"}`	`2023.10.16.00`
apache	apisix	`{"endExcluding":"3.6.1"}`	`3.6.1`
apache	traffic_server	`{"startIncluding":"8.0.0","endExcluding":"8.1.9"}`	`8.1.9`
amazon	opensearch_data_prepper	`{"endExcluding":"2.5.0"}`	`2.5.0`
kazu-yamamoto	http2	`{"endExcluding":"4.2.2"}`	`4.2.2`
istio	istio	`{"endExcluding":"1.17.6"}`	`1.17.6`
varnish_cache_project	varnish_cache	`{"endExcluding":"2023-10-10"}`	`2023-10-10`
traefik	traefik	`{"endExcluding":"2.10.5"}`	`2.10.5`
traefik	traefik	`3.0.0`
projectcontour	contour	`{"endExcluding":"2023-10-11"}`	`2023-10-11`
linkerd	linkerd	`{"startIncluding":"2.12.0","endIncluding":"2.12.5"}`
linkerd	linkerd	`2.13.0`
linkerd	linkerd	`2.13.1`
linkerd	linkerd	`2.14.0`
linkerd	linkerd	`2.14.1`
linecorp	armeria	`{"endExcluding":"1.26.0"}`	`1.26.0`
redhat	3scale_api_management_platform	`2.0`
redhat	advanced_cluster_management_for_kubernetes	`2.0`
redhat	advanced_cluster_security	`3.0`
redhat	advanced_cluster_security	`4.0`
redhat	ansible_automation_platform	`2.0`
redhat	build_of_optaplanner	`8.0`
redhat	build_of_quarkus	`-`
redhat	ceph_storage	`5.0`
redhat	cert-manager_operator_for_red_hat_openshift	`-`
redhat	certification_for_red_hat_enterprise_linux	`8.0`
redhat	certification_for_red_hat_enterprise_linux	`9.0`
redhat	cost_management	`-`
redhat	cryostat	`2.0`
redhat	decision_manager	`7.0`
redhat	fence_agents_remediation_operator	`-`
redhat	integration_camel_for_spring_boot	`-`
redhat	integration_camel_k	`-`
redhat	integration_service_registry	`-`
redhat	jboss_a-mq	`7`
redhat	jboss_a-mq_streams	`-`
redhat	jboss_core_services	`-`
redhat	jboss_data_grid	`7.0.0`
redhat	jboss_enterprise_application_platform	`6.0.0`
redhat	jboss_enterprise_application_platform	`7.0.0`
redhat	jboss_fuse	`6.0.0`
redhat	jboss_fuse	`7.0.0`
redhat	logging_subsystem_for_red_hat_openshift	`-`
redhat	machine_deletion_remediation_operator	`-`
redhat	migration_toolkit_for_applications	`6.0`
redhat	migration_toolkit_for_containers	`-`
redhat	migration_toolkit_for_virtualization	`-`
redhat	network_observability_operator	`-`
redhat	node_healthcheck_operator	`-`
redhat	node_maintenance_operator	`-`
redhat	openshift	`-`
redhat	openshift_api_for_data_protection	`-`
redhat	openshift_container_platform	`4.0`
redhat	openshift_container_platform_assisted_installer	`-`
redhat	openshift_data_science	`-`
redhat	openshift_dev_spaces	`-`
redhat	openshift_developer_tools_and_services	`-`
redhat	openshift_distributed_tracing	`-`
redhat	openshift_gitops	`-`
redhat	openshift_pipelines	`-`
redhat	openshift_sandboxed_containers	`-`
redhat	openshift_secondary_scheduler_operator	`-`
redhat	openshift_serverless	`-`
redhat	openshift_service_mesh	`2.0`
redhat	openshift_virtualization	`4`
redhat	openstack_platform	`16.1`
redhat	openstack_platform	`16.2`
redhat	openstack_platform	`17.1`
redhat	process_automation	`7.0`
redhat	quay	`3.0.0`
redhat	run_once_duration_override_operator	`-`
redhat	satellite	`6.0`
redhat	self_node_remediation_operator	`-`
redhat	service_interconnect	`1.0`
redhat	single_sign-on	`7.0`
redhat	support_for_spring_boot	`-`
redhat	web_terminal	`-`
redhat	service_telemetry_framework	`1.5`
netapp	astra_control_center	`-`
netapp	oncommand_insight	`-`
akka	http_server	`{"endExcluding":"10.5.3"}`	`10.5.3`
konghq	kong_gateway	`{"endExcluding":"3.4.2"}`	`3.4.2`
jenkins	jenkins	`{"endIncluding":"2.414.2"}`
apache	solr	`{"endExcluding":"9.4.0"}`	`9.4.0`
openresty	openresty	`{"endExcluding":"1.21.4.3"}`	`1.21.4.3`
cisco	business_process_automation	`{"endExcluding":"3.2.003.009"}`	`3.2.003.009`
cisco	connected_mobile_experiences	`{"endExcluding":"11.1"}`	`11.1`
cisco	crosswork_data_gateway	`{"endExcluding":"4.1.3"}`	`4.1.3`
cisco	crosswork_situation_manager	`-`
cisco	crosswork_zero_touch_provisioning	`{"endExcluding":"6.0.0"}`	`6.0.0`
cisco	data_center_network_manager	`-`
cisco	enterprise_chat_and_email	`-`
cisco	expressway	`{"endExcluding":"x14.3.3"}`	`x14.3.3`
cisco	firepower_threat_defense	`{"endExcluding":"7.4.2"}`	`7.4.2`
cisco	iot_field_network_director	`{"endExcluding":"4.11.0"}`	`4.11.0`
cisco	prime_access_registrar	`{"endExcluding":"9.3.3"}`	`9.3.3`
cisco	prime_cable_provisioning	`{"endExcluding":"7.2.1"}`	`7.2.1`
cisco	prime_infrastructure	`{"endExcluding":"3.10.4"}`	`3.10.4`
cisco	prime_network_registrar	`{"endExcluding":"11.2"}`	`11.2`
cisco	secure_dynamic_attributes_connector	`{"endExcluding":"2.2.0"}`	`2.2.0`
cisco	secure_malware_analytics	`{"endExcluding":"2.19.2"}`	`2.19.2`
cisco	telepresence_video_communication_server	`{"endExcluding":"x14.3.3"}`	`x14.3.3`
cisco	ultra_cloud_core_-_policy_control_function	`{"endExcluding":"2024.01.0"}`	`2024.01.0`
cisco	ultra_cloud_core_-_policy_control_function	`2024.01.0`
cisco	ultra_cloud_core_-_serving_gateway_function	`{"endExcluding":"2024.02.0"}`	`2024.02.0`
cisco	ultra_cloud_core_-_session_management_function	`{"endExcluding":"2024.02.0"}`	`2024.02.0`
cisco	unified_attendant_console_advanced	`-`
cisco	unified_contact_center_domain_manager	`-`
cisco	unified_contact_center_enterprise	`-`
cisco	unified_contact_center_enterprise_-_live_data_server	`{"endExcluding":"12.6.2"}`	`12.6.2`
cisco	unified_contact_center_management_portal	`-`
nginx	nginx	`{"startIncluding":"1.9.5","endIncluding":"1.25.2"}`

References

CWEs

CWE-400

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.