Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2023-5713

Опубликовано: 17 окт. 2023
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2023-5713: nginx:1.22 security update (MODERATE)

[1:1.22.1-1.0.1.1]

  • Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module nginx:1.22 is enabled

nginx

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-all-modules

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-filesystem

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-devel

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-http-image-filter

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-http-perl

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-http-xslt-filter

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-mail

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-stream

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

Oracle Linux x86_64

Module nginx:1.22 is enabled

nginx

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-all-modules

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-filesystem

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-devel

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-http-image-filter

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-http-perl

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-http-xslt-filter

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-mail

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

nginx-mod-stream

1.22.1-1.0.1.module+el8.8.0+21180+f87487ef.1

Связанные CVE

CVE-2023-44487

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2023-44487

CVSS3: 7.5
ubuntu
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

redhat логотип

CVE-2023-44487

CVSS3: 7.5
redhat
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

nvd логотип

CVE-2023-44487

CVSS3: 7.5
nvd
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

msrc логотип

CVE-2023-44487

msrc
больше 1 года назад

MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack

debian логотип

CVE-2023-44487

CVSS3: 7.5
debian
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consum ...