Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2023:6120

Опубликовано: 11 нояб. 2023
Источник: rocky
Оценка: Moderate

Описание

Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
nginxx86_643.module+el9.2.0+15280+45c505d6.1nginx-1.22.1-3.module+el9.2.0+15280+45c505d6.1.x86_64.rpm
nginx-all-modulesnoarch3.module+el9.2.0+15280+45c505d6.1nginx-all-modules-1.22.1-3.module+el9.2.0+15280+45c505d6.1.noarch.rpm
nginx-all-modulesnoarch3.module+el9.2.0+15280+45c505d6.1nginx-all-modules-1.22.1-3.module+el9.2.0+15280+45c505d6.1.noarch.rpm
nginx-all-modulesnoarch3.module+el9.2.0+15280+45c505d6.1nginx-all-modules-1.22.1-3.module+el9.2.0+15280+45c505d6.1.noarch.rpm
nginx-corex86_643.module+el9.2.0+15280+45c505d6.1nginx-core-1.22.1-3.module+el9.2.0+15280+45c505d6.1.x86_64.rpm
nginx-filesystemnoarch3.module+el9.2.0+15280+45c505d6.1nginx-filesystem-1.22.1-3.module+el9.2.0+15280+45c505d6.1.noarch.rpm
nginx-filesystemnoarch3.module+el9.2.0+15280+45c505d6.1nginx-filesystem-1.22.1-3.module+el9.2.0+15280+45c505d6.1.noarch.rpm
nginx-filesystemnoarch3.module+el9.2.0+15280+45c505d6.1nginx-filesystem-1.22.1-3.module+el9.2.0+15280+45c505d6.1.noarch.rpm
nginx-mod-develx86_643.module+el9.2.0+15280+45c505d6.1nginx-mod-devel-1.22.1-3.module+el9.2.0+15280+45c505d6.1.x86_64.rpm
nginx-mod-http-image-filterx86_643.module+el9.2.0+15280+45c505d6.1nginx-mod-http-image-filter-1.22.1-3.module+el9.2.0+15280+45c505d6.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2023-44487

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-44487

CVSS3: 7.5
ubuntu
около 2 лет назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

redhat логотип

CVE-2023-44487

CVSS3: 7.5
redhat
около 2 лет назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

nvd логотип

CVE-2023-44487

CVSS3: 7.5
nvd
около 2 лет назад

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

msrc логотип

CVE-2023-44487

msrc
около 2 лет назад

MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack

debian логотип

CVE-2023-44487

CVSS3: 7.5
debian
около 2 лет назад

The HTTP/2 protocol allows a denial of service (server resource consum ...