Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector: network
- Complexity: low
- Privileges: none
- User Action: none
- Scope: unchanged
- Confidentiality: none
- Integrity: none
- Availability: high
- Weaknesses: NVD-CWE-noinfo, CWE-400
Metadata
- Primary Vendor: IETF
- Published: 10/10/2023
- Last Modified: 11/7/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
- ietf : http
- nghttp2 : nghttp2
- netty : netty
- envoyproxy : envoy
- eclipse : jetty
- caddyserver : caddy
- golang : go, http2, networking
- f5 : big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_advanced_web_application_firewall, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_application_visibility_and_reporting, big-ip_carrier-grade_nat, big-ip_ddos_hybrid_defender, big-ip_domain_name_system, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_next, big-ip_next_service_proxy_for_kubernetes, big-ip_policy_enforcement_manager, big-ip_ssl_orchestrator, big-ip_webaccelerator, big-ip_websafe, nginx, nginx_ingress_controller, nginx_plus
- apache : tomcat, apisix, traffic_server, solr
- apple : swiftnio_http/2
- grpc : grpc
- microsoft : .net, asp.net_core, azure_kubernetes_service, visual_studio_2022, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_server_2016, windows_server_2019, windows_server_2022, cbl-mariner
- nodejs : node.js
- dena : h2o
- facebook : proxygen
- amazon : opensearch_data_prepper
- debian : debian_linux
- kazu-yamamoto : http2
- istio : istio
- varnish_cache_project : varnish_cache
- traefik : traefik
- projectcontour : contour
- linkerd : linkerd
- linecorp : armeria
- redhat : 3scale_api_management_platform, advanced_cluster_management_for_kubernetes, advanced_cluster_security, ansible_automation_platform, build_of_optaplanner, build_of_quarkus, ceph_storage, cert-manager_operator_for_red_hat_openshift, certification_for_red_hat_enterprise_linux, cost_management, cryostat, decision_manager, fence_agents_remediation_operator, integration_camel_for_spring_boot, integration_camel_k, integration_service_registry, jboss_a-mq, jboss_a-mq_streams, jboss_core_services, jboss_data_grid, jboss_enterprise_application_platform, jboss_fuse, logging_subsystem_for_red_hat_openshift, machine_deletion_remediation_operator, migration_toolkit_for_applications, migration_toolkit_for_containers, migration_toolkit_for_virtualization, network_observability_operator, node_healthcheck_operator, node_maintenance_operator, openshift, openshift_api_for_data_protection, openshift_container_platform, openshift_container_platform_assisted_installer, openshift_data_science, openshift_dev_spaces, openshift_developer_tools_and_services, openshift_distributed_tracing, openshift_gitops, openshift_pipelines, openshift_sandboxed_containers, openshift_secondary_scheduler_operator, openshift_serverless, openshift_service_mesh, openshift_virtualization, openstack_platform, process_automation, quay, run_once_duration_override_operator, satellite, self_node_remediation_operator, service_interconnect, single_sign-on, support_for_spring_boot, web_terminal, enterprise_linux, service_telemetry_framework
- fedoraproject : fedora
- netapp : astra_control_center, oncommand_insight
- akka : http_server
- konghq : kong_gateway
- jenkins : jenkins
- openresty : openresty
- cisco : business_process_automation, connected_mobile_experiences, crosswork_data_gateway, crosswork_situation_manager, crosswork_zero_touch_provisioning, data_center_network_manager, enterprise_chat_and_email, expressway, firepower_threat_defense, iot_field_network_director, prime_access_registrar, prime_cable_provisioning, prime_infrastructure, prime_network_registrar, secure_dynamic_attributes_connector, secure_malware_analytics, telepresence_video_communication_server, ultra_cloud_core_-_policy_control_function, ultra_cloud_core_-_serving_gateway_function, ultra_cloud_core_-_session_management_function, unified_attendant_console_advanced, unified_contact_center_domain_manager, unified_contact_center_enterprise, unified_contact_center_enterprise_-_live_data_server, unified_contact_center_management_portal, fog_director, ios_xe, ios_xr, secure_web_appliance_firmware, nx-os