CVE-2023-44487
Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Severity: HIGH
CVE ID: CVE-2023-44487
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Proof Of Concept
bcdannyboy
Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487
Reference: GitHub
imabee101
Proof of concept for DoS exploit
Reference: GitHub
ByteHackr
Test Script for CVE-2023-44487
Reference: GitHub
pabloec20
CVE-2023-44487
Reference: GitHub
secengjeff
Tool for testing mitigations and exposure to Rapid Reset DDoS (CVE-2023-44487)
Reference: GitHub
studiogangster
A Python-based exploit to test out rapid reset attack (CVE-2023-44487)
Reference: GitHub
ReToCode
Reference: GitHub
ndrscodes
Highly configurable tool to check a server's vulnerability against CVE-2023-44487 by rapidly sending HEADERS and RST_STREAM frames and documenting the server's responses.
Reference: GitHub
nxenon
Examples for Implementing CVE-2023-44487 (HTTP/2 Rapid Reset Attack) Concept
Reference: GitHub
terrorist
A tool to check how well a system can handle Rapid Reset DDoS attacks (CVE-2023-44487).
Reference: GitHub
sigridou
Reference: GitHub
TYuan0816
Reference: GitHub