Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2023-6120

Опубликовано: 26 окт. 2023
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2023-6120: nginx:1.22 security update (MODERATE)

[1:1.22.1-3.0.1.1]

  • Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (CVE-2023-44487)

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

Module nginx:1.22 is enabled

nginx

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-all-modules

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-core

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-filesystem

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-devel

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-http-image-filter

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-http-perl

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-http-xslt-filter

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-mail

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-stream

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

Oracle Linux x86_64

Module nginx:1.22 is enabled

nginx

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-all-modules

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-core

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-filesystem

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-devel

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-http-image-filter

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-http-perl

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-http-xslt-filter

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-mail

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

nginx-mod-stream

1.22.1-3.0.1.module+el9.2.0+90031+da4273d7.1

Связанные CVE

CVE-2023-44487

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2023-44487

CVSS3: 7.5
ubuntu
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

redhat логотип

CVE-2023-44487

CVSS3: 7.5
redhat
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

nvd логотип

CVE-2023-44487

CVSS3: 7.5
nvd
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

msrc логотип

CVE-2023-44487

msrc
больше 1 года назад

MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack

debian логотип

CVE-2023-44487

CVSS3: 7.5
debian
больше 1 года назад

The HTTP/2 protocol allows a denial of service (server resource consum ...