RLSA-2023:5850

Опубликовано: 24 окт. 2023

Источник: rocky

Оценка: Important

Описание

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Связанные CVE

CVE-2023-44487

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2242803
Red Hat - 2242803

Связанные уязвимости

CVE-2023-44487

CVSS3: 7.5

ubuntu

около 2 лет назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-44487

CVSS3: 7.5

redhat

около 2 лет назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-44487

CVSS3: 7.5

nvd

около 2 лет назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-44487

msrc

около 2 лет назад

MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack

CVE-2023-44487

CVSS3: 7.5

debian

около 2 лет назад

The HTTP/2 protocol allows a denial of service (server resource consum ...