Vulnerabilities related to traefik - traefik
cve-2023-29013
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:00:14.348Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92", }, { name: "https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.9.10", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.10", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230517-0008/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-29013", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T18:53:48.222300Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T18:56:43.757Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.9.10", }, { status: "affected", version: "= 2.10.0-rc1", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. 
HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-17T19:06:19.844Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92", }, { name: "https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.9.10", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.10", }, { url: "https://security.netapp.com/advisory/ntap-20230517-0008/", }, ], source: { advisory: "GHSA-7hj9-rv74-5g92", discovery: "UNKNOWN", }, title: "HTTP header parsing could cause a denial of service", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-29013", 
datePublished: "2023-04-14T18:15:12.622Z", dateReserved: "2023-03-29T17:39:16.143Z", dateUpdated: "2025-02-13T16:48:58.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23632
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc | x_refsource_CONFIRM | |
https://github.com/traefik/traefik/pull/8764 | x_refsource_MISC | |
https://github.com/traefik/traefik/releases/tag/v2.6.1 | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:46.023Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/pull/8764", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.6.1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.6.1", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls back to the default configuration that might not correspond to the configured one. If the CNAME flattening is enabled, the selected TLS configuration is the SNI one and the routing uses the CNAME value, so this can skip the expected TLS configuration. Version 2.6.1 contains a patch for this issue. As a workaround, one may add the FQDN to the host rule. 
However, there is no workaround if the CNAME flattening is enabled.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295: Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:50:16", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/pull/8764", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.6.1", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { advisory: "GHSA-hrhx-6h34-j5hc", discovery: "UNKNOWN", }, title: "Traefik skips the router TLS configuration when the host header is an FQDN", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-23632", STATE: "PUBLIC", TITLE: "Traefik skips the router TLS configuration when the host header is an FQDN", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "traefik", version: { version_data: [ { version_value: "< 2.6.1", }, ], }, }, ], }, vendor_name: "traefik", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Traefik is an HTTP reverse proxy and load balancer. 
Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls back to the default configuration that might not correspond to the configured one. If the CNAME flattening is enabled, the selected TLS configuration is the SNI one and the routing uses the CNAME value, so this can skip the expected TLS configuration. Version 2.6.1 contains a patch for this issue. As a workaround, one may add the FQDN to the host rule. However, there is no workaround if the CNAME flattening is enabled.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-295: Improper Certificate Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc", refsource: "CONFIRM", url: "https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc", }, { name: "https://github.com/traefik/traefik/pull/8764", refsource: "MISC", url: "https://github.com/traefik/traefik/pull/8764", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.6.1", refsource: "MISC", url: "https://github.com/traefik/traefik/releases/tag/v2.6.1", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], 
}, source: { advisory: "GHSA-hrhx-6h34-j5hc", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23632", datePublished: "2022-02-17T14:55:10", dateReserved: "2022-01-19T00:00:00", dateUpdated: "2024-08-03T03:51:46.023Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47124
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/traefik/traefik/security/advisories/GHSA-8g85-whqh-cr2f | x_refsource_CONFIRM | |
https://doc.traefik.io/traefik/https/acme/#dnschallenge | x_refsource_MISC | |
https://doc.traefik.io/traefik/https/acme/#httpchallenge | x_refsource_MISC | |
https://doc.traefik.io/traefik/https/acme/#tlschallenge | x_refsource_MISC | |
https://github.com/traefik/traefik/releases/tag/v2.10.6 | x_refsource_MISC | |
https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5 | x_refsource_MISC | |
https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.848Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-8g85-whqh-cr2f", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-8g85-whqh-cr2f", }, { name: "https://doc.traefik.io/traefik/https/acme/#dnschallenge", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://doc.traefik.io/traefik/https/acme/#dnschallenge", }, { name: "https://doc.traefik.io/traefik/https/acme/#httpchallenge", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://doc.traefik.io/traefik/https/acme/#httpchallenge", }, { name: "https://doc.traefik.io/traefik/https/acme/#tlschallenge", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://doc.traefik.io/traefik/https/acme/#tlschallenge", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.10.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, { name: "ttps://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/", tags: [ "x_refsource_MISC", "x_transferred", ], url: "ttps://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.10.6", }, { status: "affected", version: ">= 3.0.0-beta1, < 3.0.0-beta5", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. 
When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a `slowloris attack`. This vulnerability has been patched in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-772", description: "CWE-772: Missing Release of Resource after Effective Lifetime", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T14:12:58.629Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-8g85-whqh-cr2f", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-8g85-whqh-cr2f", }, { name: "https://doc.traefik.io/traefik/https/acme/#dnschallenge", tags: [ "x_refsource_MISC", ], url: "https://doc.traefik.io/traefik/https/acme/#dnschallenge", }, { name: "https://doc.traefik.io/traefik/https/acme/#httpchallenge", tags: [ "x_refsource_MISC", ], url: "https://doc.traefik.io/traefik/https/acme/#httpchallenge", }, { name: "https://doc.traefik.io/traefik/https/acme/#tlschallenge", tags: [ "x_refsource_MISC", ], url: "https://doc.traefik.io/traefik/https/acme/#tlschallenge", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.10.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { name: 
"https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, { name: "https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris", tags: [ "x_refsource_MISC", ], url: "https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris", }, ], source: { advisory: "GHSA-8g85-whqh-cr2f", discovery: "UNKNOWN", }, title: "Denial of service whith ACME HTTPChallenge in Traefik", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-47124", datePublished: "2023-12-04T20:20:30.727Z", dateReserved: "2023-10-30T19:57:51.676Z", dateUpdated: "2024-12-18T14:12:58.629Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44487
Vulnerability from cvelistv5
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "http", vendor: "ietf", versions: [ { status: "affected", version: "2.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-44487", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T20:34:21.334116Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-10-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44487", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-23T20:35:03.253Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-19T07:48:04.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { tags: [ "x_transferred", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { tags: [ "x_transferred", ], url: 
"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { tags: [ "x_transferred", ], url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { tags: [ "x_transferred", ], url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37831062", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { tags: [ "x_transferred", ], url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { tags: [ "x_transferred", ], url: "https://github.com/envoyproxy/envoy/pull/30055", }, { tags: [ "x_transferred", ], url: "https://github.com/haproxy/haproxy/issues/2312", }, { tags: [ "x_transferred", ], url: "https://github.com/eclipse/jetty.project/issues/10679", }, { tags: [ "x_transferred", ], url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { tags: [ "x_transferred", ], url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { tags: [ "x_transferred", ], url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { tags: [ "x_transferred", ], url: "https://github.com/alibaba/tengine/issues/1872", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37830987", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37830998", }, { tags: [ "x_transferred", ], url: "https://github.com/caddyserver/caddy/issues/5877", }, { tags: [ "x_transferred", ], url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { tags: [ "x_transferred", ], url: 
"https://github.com/bcdannyboy/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc-go/pull/6703", }, { tags: [ "x_transferred", ], url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { tags: [ "x_transferred", ], url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { tags: [ "x_transferred", ], url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { tags: [ "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000137106", }, { tags: [ "x_transferred", ], url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { tags: [ "x_transferred", ], url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { tags: [ "x_transferred", ], url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { tags: [ "x_transferred", ], url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { tags: [ "x_transferred", ], url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { tags: [ "x_transferred", ], url: "https://github.com/facebook/proxygen/pull/466", }, { tags: [ "x_transferred", ], url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { tags: [ "x_transferred", ], url: "https://github.com/micrictor/http2-rst-stream", }, { tags: [ "x_transferred", ], url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { tags: [ "x_transferred", ], url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { tags: [ "x_transferred", ], url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { tags: [ "x_transferred", ], url: 
"https://github.com/h2o/h2o/pull/3291", }, { tags: [ "x_transferred", ], url: "https://github.com/nodejs/node/pull/50121", }, { tags: [ "x_transferred", ], url: "https://github.com/dotnet/announcements/issues/277", }, { tags: [ "x_transferred", ], url: "https://github.com/golang/go/issues/63417", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/trafficserver/pull/10564", }, { tags: [ "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { tags: [ "x_transferred", ], url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { tags: [ "x_transferred", ], url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { tags: [ "x_transferred", ], url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { tags: [ "x_transferred", ], url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { tags: [ "x_transferred", ], url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { tags: [ "x_transferred", ], url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { tags: [ "x_transferred", ], url: 
"https://news.ycombinator.com/item?id=37837043", }, { tags: [ "x_transferred", ], url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { tags: [ "x_transferred", ], url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { tags: [ "x_transferred", ], url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { name: "DSA-5522", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { name: "DSA-5521", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/ninenines/cowboy/issues/1615", }, { tags: [ "x_transferred", ], url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { tags: [ "x_transferred", ], url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { tags: [ "x_transferred", ], url: "https://blog.vespa.ai/cve-2023-44487/", }, { tags: [ "x_transferred", ], url: "https://github.com/etcd-io/etcd/issues/16740", }, { tags: [ "x_transferred", ], url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { tags: [ "x_transferred", ], url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { tags: [ "x_transferred", ], url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: 
"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/httpd-site/pull/10", }, { tags: [ "x_transferred", ], url: "https://github.com/projectcontour/contour/pull/5826", }, { tags: [ "x_transferred", ], url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { tags: [ "x_transferred", ], url: "https://github.com/line/armeria/pull/5232", }, { tags: [ "x_transferred", ], url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/akka/akka-http/issues/4323", }, { tags: [ "x_transferred", ], url: "https://github.com/openresty/openresty/issues/930", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/apisix/issues/10320", }, { tags: [ "x_transferred", ], url: "https://github.com/Azure/AKS/issues/3947", }, { tags: [ "x_transferred", ], url: "https://github.com/Kong/kong/discussions/11741", }, { tags: [ "x_transferred", ], url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { tags: [ "x_transferred", ], url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { name: "[oss-security] 20231013 Re: 
CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { tags: [ "x_transferred", ], url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { tags: [ "x_transferred", ], url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { name: "FEDORA-2023-ed2642fd58", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { tags: [ "x_transferred", ], url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { name: "[oss-security] 20231018 Vulnerability in Jenkins", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { name: "FEDORA-2023-54fadada12", tags: [ "vendor-advisory", 
"x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { name: "FEDORA-2023-5ff7bf1dd8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { name: "FEDORA-2023-17efd3f2cd", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { name: "FEDORA-2023-d5030c983c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { name: "FEDORA-2023-0259c3f26f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { name: "FEDORA-2023-2a9214af5f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { name: "FEDORA-2023-e9c04d81c1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { name: "FEDORA-2023-f66fc0f62a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { name: "FEDORA-2023-4d2fd884ea", tags: [ 
"vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { name: "FEDORA-2023-b2c50535cb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { name: "FEDORA-2023-fe53e13b5b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { name: "FEDORA-2023-4bf641255e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { name: "DSA-5540", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { name: "FEDORA-2023-1caffb88af", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { name: "FEDORA-2023-3f70b8d406", tags: [ "vendor-advisory", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { name: "FEDORA-2023-7b52921cae", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { name: "FEDORA-2023-7934802344", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { name: "FEDORA-2023-dbe64661af", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { name: "FEDORA-2023-822aab0a5a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { name: "DSA-5549", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { name: "FEDORA-2023-c0c6a91330", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { name: "FEDORA-2023-492b7be466", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { name: "DSA-5558", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 
3656-1] netty security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { name: "GLSA-202311-09", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, { name: "DSA-5570", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { url: "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-07T18:15:13.812Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { url: 
"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { url: "https://news.ycombinator.com/item?id=37831062", }, { url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { url: "https://github.com/envoyproxy/envoy/pull/30055", }, { url: "https://github.com/haproxy/haproxy/issues/2312", }, { url: "https://github.com/eclipse/jetty.project/issues/10679", }, { url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { url: "https://github.com/alibaba/tengine/issues/1872", }, { url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { url: "https://news.ycombinator.com/item?id=37830987", }, { url: "https://news.ycombinator.com/item?id=37830998", }, { url: "https://github.com/caddyserver/caddy/issues/5877", }, { url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { url: "https://github.com/bcdannyboy/CVE-2023-44487", }, { url: "https://github.com/grpc/grpc-go/pull/6703", }, { url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { url: "https://my.f5.com/manage/s/article/K000137106", }, { url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { url: 
"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { name: "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/10/7", }, { name: "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/10/6", }, { url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { url: "https://github.com/facebook/proxygen/pull/466", }, { url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { url: "https://github.com/micrictor/http2-rst-stream", }, { url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { url: "https://github.com/h2o/h2o/pull/3291", }, { url: "https://github.com/nodejs/node/pull/50121", }, { url: "https://github.com/dotnet/announcements/issues/277", }, { url: "https://github.com/golang/go/issues/63417", }, { url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { url: "https://github.com/apache/trafficserver/pull/10564", }, { url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { url: 
"https://github.com/opensearch-project/data-prepper/issues/3474", }, { url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { url: "https://news.ycombinator.com/item?id=37837043", }, { url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { name: "DSA-5522", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { name: "DSA-5521", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { url: "https://github.com/ninenines/cowboy/issues/1615", }, { url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { url: "https://blog.vespa.ai/cve-2023-44487/", }, { url: "https://github.com/etcd-io/etcd/issues/16740", }, { url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { 
url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { url: "https://ubuntu.com/security/CVE-2023-44487", }, { url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { url: "https://github.com/apache/httpd-site/pull/10", }, { url: "https://github.com/projectcontour/contour/pull/5826", }, { url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { url: "https://github.com/line/armeria/pull/5232", }, { url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { url: "https://github.com/akka/akka-http/issues/4323", }, { url: "https://github.com/openresty/openresty/issues/930", }, { url: "https://github.com/apache/apisix/issues/10320", }, { url: "https://github.com/Azure/AKS/issues/3947", }, { url: "https://github.com/Kong/kong/discussions/11741", }, { url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { url: 
"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { name: "FEDORA-2023-ed2642fd58", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { name: "[oss-security] 20231018 Vulnerability in Jenkins", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { name: "FEDORA-2023-54fadada12", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { name: "FEDORA-2023-5ff7bf1dd8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { 
name: "FEDORA-2023-17efd3f2cd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { name: "FEDORA-2023-d5030c983c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { name: "FEDORA-2023-0259c3f26f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { name: "FEDORA-2023-2a9214af5f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { name: "FEDORA-2023-e9c04d81c1", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { name: "FEDORA-2023-f66fc0f62a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { name: "FEDORA-2023-4d2fd884ea", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { name: "FEDORA-2023-b2c50535cb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { name: "FEDORA-2023-fe53e13b5b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { name: "FEDORA-2023-4bf641255e", tags: [ "vendor-advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { name: "DSA-5540", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { name: "FEDORA-2023-1caffb88af", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { name: "FEDORA-2023-3f70b8d406", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { name: "FEDORA-2023-7b52921cae", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { name: "FEDORA-2023-7934802344", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { name: "FEDORA-2023-dbe64661af", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { name: "FEDORA-2023-822aab0a5a", tags: [ "vendor-advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { name: "DSA-5549", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { name: "FEDORA-2023-c0c6a91330", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { name: "FEDORA-2023-492b7be466", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { name: "DSA-5558", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { name: "GLSA-202311-09", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { name: "DSA-5570", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { url: "https://github.com/grpc/grpc/releases/tag/v1.59.2", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-44487", datePublished: "2023-10-10T00:00:00.000Z", dateReserved: "2023-09-29T00:00:00.000Z", dateUpdated: "2025-03-07T18:15:13.812Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15598
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/containous/traefik/pull/3790 | x_refsource_MISC | |
https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b | x_refsource_MISC | |
https://github.com/containous/traefik/releases/tag/v1.6.6 | x_refsource_MISC | |
https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:01:53.899Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/pull/3790", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/releases/tag/v1.6.6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-08-20T00:00:00", descriptions: [ { lang: "en", value: "Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-21T01:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/pull/3790", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/releases/tag/v1.6.6", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-15598", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ 
{ product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/containous/traefik/pull/3790", refsource: "MISC", url: "https://github.com/containous/traefik/pull/3790", }, { name: "https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b", refsource: "MISC", url: "https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b", }, { name: "https://github.com/containous/traefik/releases/tag/v1.6.6", refsource: "MISC", url: "https://github.com/containous/traefik/releases/tag/v1.6.6", }, { name: "https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1", refsource: "MISC", url: "https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-15598", datePublished: "2018-08-21T01:00:00", dateReserved: "2018-08-20T00:00:00", dateUpdated: "2024-08-05T10:01:53.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-9321
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/containous/traefik/pull/6281 | x_refsource_MISC | |
https://github.com/containous/traefik/releases/tag/v2.1.4 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:26:16.049Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/pull/6281", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/releases/tag/v2.1.4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-16T18:14:29", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/pull/6281", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/releases/tag/v2.1.4", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-9321", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/containous/traefik/pull/6281", refsource: "MISC", url: 
"https://github.com/containous/traefik/pull/6281", }, { name: "https://github.com/containous/traefik/releases/tag/v2.1.4", refsource: "MISC", url: "https://github.com/containous/traefik/releases/tag/v2.1.4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-9321", datePublished: "2020-03-16T18:14:29", dateReserved: "2020-02-20T00:00:00", dateUpdated: "2024-08-04T10:26:16.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46153
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/traefik/traefik/security/advisories/GHSA-468w-8x39-gj5v | x_refsource_CONFIRM | |
https://github.com/traefik/traefik/commit/7e3fe48b80083b41e9ff82a474a36484cabc701a | x_refsource_MISC | |
https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options | x_refsource_MISC | |
https://github.com/traefik/traefik/releases/tag/v2.9.6 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:24:03.374Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-468w-8x39-gj5v", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-468w-8x39-gj5v", }, { name: "https://github.com/traefik/traefik/commit/7e3fe48b80083b41e9ff82a474a36484cabc701a", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/commit/7e3fe48b80083b41e9ff82a474a36484cabc701a", }, { name: "https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.9.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.9.6", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. 
Users unable to upgrade should check their logs to detect the error messages and fix your TLS options.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295: Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-08T21:46:22.054Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-468w-8x39-gj5v", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-468w-8x39-gj5v", }, { name: "https://github.com/traefik/traefik/commit/7e3fe48b80083b41e9ff82a474a36484cabc701a", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/commit/7e3fe48b80083b41e9ff82a474a36484cabc701a", }, { name: "https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options", tags: [ "x_refsource_MISC", ], url: "https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.9.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.6", }, ], source: { advisory: "GHSA-468w-8x39-gj5v", discovery: "UNKNOWN", }, title: "Routes exposed with an empty TLSOption in traefik", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-46153", datePublished: "2022-12-08T21:46:22.054Z", dateReserved: "2022-11-28T17:27:19.996Z", dateUpdated: "2024-08-03T14:24:03.374Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47106
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm | x_refsource_CONFIRM | |
https://datatracker.ietf.org/doc/html/rfc7230#section-5.3.1 | x_refsource_MISC | |
https://github.com/traefik/traefik/releases/tag/v2.10.6 | x_refsource_MISC | |
https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.591Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm", }, { name: "https://datatracker.ietf.org/doc/html/rfc7230#section-5.3.1", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://datatracker.ietf.org/doc/html/rfc7230#section-5.3.1", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.10.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.10.6", }, { status: "affected", version: ">= 3.0.0-beta1, < 3.0.0-beta5", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T20:26:36.710Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm", }, { name: "https://datatracker.ietf.org/doc/html/rfc7230#section-5.3.1", tags: [ "x_refsource_MISC", ], url: "https://datatracker.ietf.org/doc/html/rfc7230#section-5.3.1", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.10.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, ], source: { advisory: "GHSA-fvhj-4qfh-q2hm", discovery: "UNKNOWN", }, title: "Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-47106", datePublished: "2023-12-04T20:26:36.710Z", dateReserved: "2023-10-30T19:57:51.673Z", dateUpdated: "2024-08-02T21:01:22.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15129
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp | x_refsource_CONFIRM |
| https://github.com/containous/traefik/releases/tag/v1.7.26 | x_refsource_MISC |
| https://github.com/containous/traefik/releases/tag/v2.2.8 | x_refsource_MISC |
| https://github.com/containous/traefik/releases/tag/v2.3.0-rc3 | x_refsource_MISC |
| https://github.com/containous/traefik/pull/7109 | x_refsource_MISC |
| https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2 | x_refsource_MISC |
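| Vendor | Product | Version |
|---|---|---|
| containous | traefik | < 1.7.26; >= 2.0.0, < 2.2.8 |

Note: the record's description and its v2.3.0-rc3 reference also name 2.3.0-rc3 as a fixed release; the 2.3.0 release candidates before it are not covered by the two ranges above.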
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:08:22.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/releases/tag/v1.7.26", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/releases/tag/v2.2.8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/releases/tag/v2.3.0-rc3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/pull/7109", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "containous", versions: [ { status: "affected", version: "< 1.7.26", }, { status: "affected", version: ">= 2.0.0, < 2.2.8", }, ], }, ], descriptions: [ { lang: "en", value: "In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the \"X-Forwarded-Prefix\" header. The Traefik API dashboard component doesn't validate that the value of the header \"X-Forwarded-Prefix\" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. 
cache poisoning scenarios.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-30T15:20:15", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/releases/tag/v1.7.26", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/releases/tag/v2.2.8", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/releases/tag/v2.3.0-rc3", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/pull/7109", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2", }, ], source: { advisory: "GHSA-6qq8-5wq3-86rp", discovery: "UNKNOWN", }, title: "Open redirect in Traefik", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-15129", STATE: "PUBLIC", TITLE: "Open redirect in Traefik", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "traefik", version: { version_data: [ { version_value: "< 1.7.26", }, { version_value: ">= 2.0.0, < 2.2.8", }, ], }, }, ], }, vendor_name: "containous", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In 
Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the \"X-Forwarded-Prefix\" header. The Traefik API dashboard component doesn't validate that the value of the header \"X-Forwarded-Prefix\" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp", refsource: "CONFIRM", url: "https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp", }, { name: "https://github.com/containous/traefik/releases/tag/v1.7.26", refsource: "MISC", url: "https://github.com/containous/traefik/releases/tag/v1.7.26", }, { name: "https://github.com/containous/traefik/releases/tag/v2.2.8", refsource: "MISC", url: "https://github.com/containous/traefik/releases/tag/v2.2.8", }, { name: "https://github.com/containous/traefik/releases/tag/v2.3.0-rc3", refsource: "MISC", url: "https://github.com/containous/traefik/releases/tag/v2.3.0-rc3", }, { name: "https://github.com/containous/traefik/pull/7109", refsource: "MISC", url: 
"https://github.com/containous/traefik/pull/7109", }, { name: "https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2", refsource: "MISC", url: "https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2", }, ], }, source: { advisory: "GHSA-6qq8-5wq3-86rp", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-15129", datePublished: "2020-07-30T15:20:15", dateReserved: "2020-06-25T00:00:00", dateUpdated: "2024-08-04T13:08:22.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12452
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/containous/traefik/issues/4917 | x_refsource_MISC |
| https://github.com/containous/traefik/pull/4918 | x_refsource_MISC |
| https://docs.traefik.io/configuration/api/#security | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:17:40.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/issues/4917", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/pull/4918", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.traefik.io/configuration/api/#security", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. 
These can be found in the JSON response to a /api request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-29T18:43:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/issues/4917", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/pull/4918", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.traefik.io/configuration/api/#security", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12452", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. 
These can be found in the JSON response to a /api request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/containous/traefik/issues/4917", refsource: "MISC", url: "https://github.com/containous/traefik/issues/4917", }, { name: "https://github.com/containous/traefik/pull/4918", refsource: "MISC", url: "https://github.com/containous/traefik/pull/4918", }, { name: "https://docs.traefik.io/configuration/api/#security", refsource: "MISC", url: "https://docs.traefik.io/configuration/api/#security", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12452", datePublished: "2019-05-29T18:43:05", dateReserved: "2019-05-29T00:00:00", dateUpdated: "2024-08-04T23:17:40.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47633
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/releases/tag/v2.10.6 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:16:42.656Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.10.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-47633", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T16:02:05.761433Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T16:03:02.497Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.10.6", }, { status: "affected", version: ">= 3.0.0-beta1, < 3.0.0-beta5", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T20:36:19.000Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.10.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, ], source: { advisory: "GHSA-6fwg-jrfw-ff7p", discovery: "UNKNOWN", }, title: "Uncontrolled Resource Consumption in Traefik", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-47633", datePublished: "2023-12-04T20:36:19.000Z", dateReserved: "2023-11-07T16:57:49.244Z", dateUpdated: "2024-11-27T16:03:02.497Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-52003
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/pull/11253 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v2.11.14 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v3.2.1 | x_refsource_MISC |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-52003", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-02T11:17:19.558152Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-02T11:19:36.740Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.11.14", }, { status: "affected", version: ">= 3.0.0, < 3.2.1", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "HIGH", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 6.3, baseSeverity: "MEDIUM", privilegesRequired: "NONE", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-29T18:15:34.123Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg", tags: [ "x_refsource_CONFIRM", ], url: 
"https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg", }, { name: "https://github.com/traefik/traefik/pull/11253", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/pull/11253", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.11.14", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.11.14", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.2.1", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v3.2.1", }, ], source: { advisory: "GHSA-h924-8g65-j9wg", discovery: "UNKNOWN", }, title: "X-Forwarded-Prefix Header still allows for Open Redirect in traefik", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-52003", datePublished: "2024-11-29T18:15:34.123Z", dateReserved: "2024-11-04T17:46:16.778Z", dateUpdated: "2024-12-02T11:19:36.740Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28869
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6 | x_refsource_MISC |
| https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v2.11.2 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "traefik", vendor: "traefik", versions: [ { lessThan: "2.11.2", status: "affected", version: "0", versionType: "custom", }, { lessThanOrEqual: "3.0.0-rc3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-28869", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-18T18:26:38.989480Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T18:27:45.460Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:56:58.412Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw", }, { name: "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6", }, { name: "https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.11.2", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.11.2", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5", }, ], title: "CVE 
Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.11.2", }, { status: "affected", version: ">= 3.0.0-rc1, < 3.0.0-rc5", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the \"Content-length\" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-755", description: "CWE-755: Improper Handling of Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T21:08:36.288Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw", }, { name: "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6", }, { name: "https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts", tags: [ "x_refsource_MISC", ], url: 
"https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.11.2", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.11.2", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5", }, ], source: { advisory: "GHSA-4vwx-54mw-vqfw", discovery: "UNKNOWN", }, title: "Possible denial of service vulnerability with Content-length header in Traefik", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-28869", datePublished: "2024-04-12T21:08:36.288Z", dateReserved: "2024-03-11T22:45:07.688Z", dateUpdated: "2024-08-02T00:56:58.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23469
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/pull/9574 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v2.9.6 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:45.925Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp", }, { name: "https://github.com/traefik/traefik/pull/9574", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/pull/9574", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.9.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.9.6", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. 
Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-08T21:33:19.114Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp", }, { name: "https://github.com/traefik/traefik/pull/9574", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/pull/9574", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.9.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.6", }, ], source: { advisory: "GHSA-h2ph-vhm7-g4hp", discovery: "UNKNOWN", }, title: "Authorization header displayed in the debug logs", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23469", datePublished: "2022-12-08T21:33:19.114Z", dateReserved: "2022-01-19T21:23:53.756Z", dateUpdated: "2024-08-03T03:43:45.925Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-39271
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:00:43.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr", }, { tags: [ "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.8.8", }, { tags: [ "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: " < 2.8.8", }, { status: "affected", version: ">= 2.9.0-rc1, < 2.9.0-rc5", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. 
There are currently no known workarounds.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-11T00:00:00", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr", }, { url: "https://github.com/traefik/traefik/releases/tag/v2.8.8", }, { url: "https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5", }, ], source: { advisory: "GHSA-c6hx-pjc3-7fqr", discovery: "UNKNOWN", }, title: "Traefik HTTP/2 connections management could cause a denial of service", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-39271", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-09-02T00:00:00", dateUpdated: "2024-08-03T12:00:43.598Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39321
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9 | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/releases/tag/v2.11.6 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v3.0.4 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3 | x_refsource_MISC |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39321", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-05T20:07:02.660742Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T20:07:14.424Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.719Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.11.6", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.11.6", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.0.4", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.4", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.11.6", }, { status: "affected", version: ">= 3.0.0-beta3, < 3.0.4", }, { status: "affected", version: ">= 3.1.0-rc1, < 3.1.0-rc3", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. 
Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-639", description: "CWE-639: Authorization Bypass Through User-Controlled Key", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-05T17:32:06.688Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.11.6", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.11.6", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.0.4", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.4", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3", }, ], source: { advisory: "GHSA-gxrv-wf35-62w9", discovery: "UNKNOWN", }, title: "Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-39321", datePublished: "2024-07-05T17:32:06.688Z", dateReserved: "2024-06-21T18:15:22.263Z", dateUpdated: "2024-08-02T04:19:20.719Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-32813
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg | x_refsource_CONFIRM | |
https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9 | x_refsource_MISC | |
https://github.com/traefik/traefik/releases/tag/v2.4.13 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:33:55.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/traefik/traefik/releases/tag/v2.4.13", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.4.13", }, { status: "affected", version: "<= 1.7.30", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. 
There are no known workarounds aside from upgrading.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-913", description: "CWE-913: Improper Control of Dynamically-Managed Code Resources", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-03T22:50:11", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.4.13", }, ], source: { advisory: "GHSA-m697-4v8f-55qg", discovery: "UNKNOWN", }, title: "Drop Headers via Malicious Connection Header ", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32813", STATE: "PUBLIC", TITLE: "Drop Headers via Malicious Connection Header ", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "traefik", version: { version_data: [ { version_value: "< 2.4.13", }, { version_value: "<= 1.7.30", }, ], }, }, ], }, vendor_name: "traefik", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. 
Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-913: Improper Control of Dynamically-Managed Code Resources", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg", refsource: "CONFIRM", url: "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg", }, { name: "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9", refsource: "MISC", url: "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.4.13", refsource: "MISC", url: "https://github.com/traefik/traefik/releases/tag/v2.4.13", }, ], }, source: { advisory: "GHSA-m697-4v8f-55qg", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-32813", datePublished: "2021-08-03T22:50:11", dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-08-03T23:33:55.883Z", 
state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20894
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/containous/traefik/issues/5312 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:53:09.404Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/containous/traefik/issues/5312", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-02T15:30:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/containous/traefik/issues/5312", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20894", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/containous/traefik/issues/5312", refsource: "MISC", url: "https://github.com/containous/traefik/issues/5312", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20894", 
datePublished: "2020-07-02T15:30:22", dateReserved: "2020-07-02T00:00:00", dateUpdated: "2024-08-05T02:53:09.404Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45410
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv | x_refsource_CONFIRM | |
https://github.com/traefik/traefik/releases/tag/v2.11.9 | x_refsource_MISC | |
https://github.com/traefik/traefik/releases/tag/v3.1.3 | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "traefik", vendor: "traefik", versions: [ { lessThan: "2.11.9", status: "affected", version: "0", versionType: "custom", }, { lessThan: "3.1.3", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45410", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-20T14:58:01.711908Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-20T14:59:42.914Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "traefik", vendor: "traefik", versions: [ { status: "affected", version: "< 2.11.9", }, { status: "affected", version: ">= 3.0.0, < 3.1.3", }, ], }, ], descriptions: [ { lang: "en", value: "Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-345", description: "CWE-345: Insufficient Verification of Data Authenticity", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-348", description: "CWE-348: Use of Less Trusted Source", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-19T22:51:02.622Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv", }, { name: "https://github.com/traefik/traefik/releases/tag/v2.11.9", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v2.11.9", }, { name: "https://github.com/traefik/traefik/releases/tag/v3.1.3", tags: [ "x_refsource_MISC", ], url: "https://github.com/traefik/traefik/releases/tag/v3.1.3", }, ], source: { advisory: "GHSA-62c8-mh53-4cqv", discovery: "UNKNOWN", }, title: "HTTP client can remove the X-Forwarded headers in Traefik", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-45410", datePublished: "2024-09-19T22:51:02.622Z", dateReserved: "2024-08-28T20:21:32.805Z", dateUpdated: "2024-09-20T14:59:42.914Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA6DDDF-0CCE-4F34-B993-305049E7DC46", versionEndExcluding: "1.7.26", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "BF5748F2-BC60-4968-9FF3-DFF79974BCB4", versionEndExcluding: "2.2.8", versionStartIncluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:2.3.0:-:*:*:*:*:*:*", matchCriteriaId: "2C1C7705-8F28-403A-AC3A-E6568DCA3C04", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:2.3.0:rc1:*:*:*:*:*:*", matchCriteriaId: "A096CD89-632E-4659-AF8A-46318E8A5061", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:2.3.0:rc2:*:*:*:*:*:*", matchCriteriaId: "7FCCB5B2-7F5D-453F-9B49-89DEEA446CA7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the \"X-Forwarded-Prefix\" header. The Traefik API dashboard component doesn't validate that the value of the header \"X-Forwarded-Prefix\" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.", }, { lang: "es", value: "En Traefik antes de las versiones 1.7.26, 2.2.8 y 2.3.0-rc3, se presenta una posible vulnerabilidad de redireccionamiento abierto en el manejo del encabezado \"X-Forwarded-Prefix\" de Traefik. 
El componente del panel de la API Traefik no comprueba que el valor del encabezado \"X-Forwarded-Prefix\" sea una ruta relativa al sitio y redireccionará a cualquier URI proporcionado por el encabezado. Una explotación con éxito de un redireccionamiento abierto puede ser utilizado para atraer a las víctimas a revelar información confidencial. Una explotación activa de este problema es poco probable ya que requeriría una inyección activa del encabezado, sin embargo, el equipo de Traefik abordó este problema para impedir el abuso en por ejemplo escenarios de envenenamiento de caché", }, ], id: "CVE-2020-15129", lastModified: "2024-11-21T05:04:54.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", 
}, exploitabilityScore: 1.6, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-30T16:15:11.537", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/7109", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containous/traefik/releases/tag/v1.7.26", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containous/traefik/releases/tag/v2.2.8", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containous/traefik/releases/tag/v2.3.0-rc3", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/7109", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containous/traefik/releases/tag/v1.7.26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/containous/traefik/releases/tag/v2.2.8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: 
"https://github.com/containous/traefik/releases/tag/v2.3.0-rc3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/containous/traefik/issues/5312 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/containous/traefik/issues/5312 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "D3797D3C-EEE8-4FC6-9B4A-43DDF66C92AF", versionEndExcluding: "2.0.1", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.", }, { lang: "es", value: "Traefik versiones 2.x, en determinadas configuraciones, permite a unas sesiones HTTPS continuar sin verificación mutua de TLS en una situación donde ERR_BAD_SSL_CLIENT_AUTH_CERT debería haber ocurrido", }, ], id: "CVE-2019-20894", lastModified: "2024-11-21T04:39:38.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-02T16:15:11.357", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: 
"https://github.com/containous/traefik/issues/5312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/containous/traefik/issues/5312", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "D8862E39-A57C-4CD5-A289-A853D9402298", versionEndExcluding: "2.11.9", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "31D16308-8F47-4EAC-B102-1FDEA4B3F9F1", versionEndExcluding: "3.1.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "Traefik es un proxy de aplicación nativo de la nube (golang). Cuando Traefik procesa una solicitud HTTP, Traefik agrega ciertos encabezados HTTP como X-Forwarded-Host o X-Forwarded-Port antes de que la solicitud se envíe a la aplicación. Para un cliente HTTP, no debería ser posible eliminar o modificar estos encabezados. Dado que la aplicación confía en el valor de estos encabezados, podrían surgir implicaciones de seguridad si se pueden modificar. Sin embargo, para HTTP/1.1, se descubrió que algunos de estos encabezados personalizados sí se pueden eliminar y, en ciertos casos, manipular. 
El ataque se basa en el comportamiento de HTTP/1.1, que permite definir los encabezados como salto a salto a través del encabezado de conexión HTTP. Este problema se ha solucionado en las versiones de lanzamiento 2.11.9 y 3.1.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.", }, ], id: "CVE-2024-45410", lastModified: "2024-09-25T17:39:08.033", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-19T23:15:11.480", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.11.9", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v3.1.3", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, { lang: "en", value: "CWE-348", }, ], source: 
"security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/traefik/traefik/pull/8764 | Issue Tracking, Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/traefik/traefik/releases/tag/v2.6.1 | Release Notes, Third Party Advisory | |
security-advisories@github.com | https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc | Patch, Third Party Advisory | |
security-advisories@github.com | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/traefik/traefik/pull/8764 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/traefik/traefik/releases/tag/v2.6.1 | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
traefik | traefik | * | |
oracle | communications_unified_inventory_management | 7.5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "688B9BE9-40C2-423A-8FF1-131EF920CD23", versionEndExcluding: "2.6.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls back to the default configuration that might not correspond to the configured one. If the CNAME flattening is enabled, the selected TLS configuration is the SNI one and the routing uses the CNAME value, so this can skip the expected TLS configuration. Version 2.6.1 contains a patch for this issue. As a workaround, one may add the FDQN to the host rule. However, there is no workaround if the CNAME flattening is enabled.", }, { lang: "es", value: "Traefik es un proxy inverso HTTP y equilibrador de carga. En versiones anteriores a 2.6.1, Traefik omitía la configuración de seguridad de la capa de transporte (TLS) del router cuando el encabezado del host era un nombre de dominio completo (FQDN). Para una petición, la elección de la configuración TLS puede ser diferente a la elección del router, lo que implica el uso de una configuración TLS errónea. 
Cuando es enviada una petición usando FQDN manejada por un router configurado con una configuración TLS dedicada, la configuración TLS vuelve a la configuración por defecto que puede no corresponder a la configurada. Si el aplanamiento de CNAME está habilitado, la configuración TLS seleccionada es la de SNI y el enrutamiento usa el valor de CNAME, por lo que puede omitir la configuración TLS esperada. La versión 2.6.1 contiene un parche para este problema. Como medida de mitigación, puede añadirse el FDQN a la regla de host. Sin embargo, no es presentada una medida de mitigación si el aplanamiento CNAME está habilitado", }, ], id: "CVE-2022-23632", lastModified: "2024-11-21T06:48:58.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-17T15:15:09.580", references: [ { source: "security-advisories@github.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/pull/8764", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.6.1", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/pull/8764", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.6.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "AB0C6F34-0937-44ED-B248-F7B63DDA7820", versionEndIncluding: "2.10.5", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "376EAF9B-E994-4268-9704-0A45EA30270F", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "F3D08335-C291-4623-B80C-3B14C4D1FA32", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta4:*:*:*:*:*:*", matchCriteriaId: "4B5B7BC8-0BBF-48DC-86B1-FC3D7CB8D5AD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a `slowloris attack`. This vulnerability has been patched in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`.", }, { lang: "es", value: "Traefik es un equilibrador de carga y proxy inverso HTTP de código abierto. Cuando Traefik está configurado para usar `HTTPChallenge` para generar y renovar los certificados TLS de Let's Encrypt, los atacantes pueden aprovechar el retraso autorizado para resolver el desafío (50 segundos) para lograr un `ataque lento`. Esta vulnerabilidad ha sido parcheada en las versiones 2.10.6 y 3.0.0-beta5. Se recomienda a los usuarios que actualicen. 
Los usuarios que no puedan actualizar deben reemplazar `HTTPChallenge` con `TLSChallenge` o `DNSChallenge`.", }, ], id: "CVE-2023-47124", lastModified: "2024-11-21T08:29:49.663", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T21:15:33.850", references: [ { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://doc.traefik.io/traefik/https/acme/#dnschallenge", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://doc.traefik.io/traefik/https/acme/#httpchallenge", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://doc.traefik.io/traefik/https/acme/#tlschallenge", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-8g85-whqh-cr2f", }, { 
source: "security-advisories@github.com", url: "https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://doc.traefik.io/traefik/https/acme/#dnschallenge", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://doc.traefik.io/traefik/https/acme/#httpchallenge", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://doc.traefik.io/traefik/https/acme/#tlschallenge", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-8g85-whqh-cr2f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "AB0C6F34-0937-44ED-B248-F7B63DDA7820", versionEndIncluding: "2.10.5", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "376EAF9B-E994-4268-9704-0A45EA30270F", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "F3D08335-C291-4623-B80C-3B14C4D1FA32", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta4:*:*:*:*:*:*", matchCriteriaId: "4B5B7BC8-0BBF-48DC-86B1-FC3D7CB8D5AD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "Traefik es un equilibrador de carga y proxy inverso HTTP de código abierto. El contenedor acoplable traefik utiliza 100% de CPU cuando sirve como su propio backend, que es una ruta generada automáticamente como resultado de la integración de Docker en la configuración predeterminada. Este problema se solucionó en las versiones 2.10.6 y 3.0.0-beta5. Se recomienda a los usuarios que actualicen. 
No se conocen workarounds para esta vulnerabilidad.", }, ], id: "CVE-2023-47633", lastModified: "2024-11-21T08:30:34.263", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T21:15:34.063", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: 
"https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "D38F7D80-DDA8-421D-9C97-C3F53BA1F096", versionEndExcluding: "2.9.10", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:2.10.0:rc1:*:*:*:*:*:*", matchCriteriaId: "748FFA04-66D8-4821-B6F3-38BBE07490FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.", }, ], id: "CVE-2023-29013", lastModified: "2025-02-13T17:16:17.370", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-14T19:15:09.127", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: 
"https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.10", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230517-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230517-0008/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/containous/traefik/pull/6281 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/containous/traefik/releases/tag/v2.1.4 | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/containous/traefik/pull/6281 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/containous/traefik/releases/tag/v2.1.4 | Release Notes |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "4B3E955A-82D7-43A8-A777-487B58826397", versionEndIncluding: "2.1.4", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:2.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "94148755-6CD8-4D3D-8D22-FC847A3473E6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.", }, { lang: "es", value: "configurationwatcher.go en Traefik versiones 2.x anteriores a 2.1.4 y TraefikEE versión 2.0.0, maneja inapropiadamente la eliminación del contenido de los certificados de los proveedores antes de escribirlo en los registros (logs).", }, ], id: "CVE-2020-9321", lastModified: "2024-11-21T05:40:24.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-16T19:15:11.443", references: [ { source: "cve@mitre.org", 
tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/6281", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/containous/traefik/releases/tag/v2.1.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/6281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/containous/traefik/releases/tag/v2.1.4", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
{ cisaActionDue: "2023-10-31", cisaExploitAdd: "2023-10-10", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "HTTP/2 Rapid Reset Attack Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*", matchCriteriaId: "D5200E35-222B-42E0-83E0-5B702684D992", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*", matchCriteriaId: "C3BDC297-F023-4E87-8518-B84CCF9DD6A8", versionEndExcluding: "1.57.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", matchCriteriaId: "D12D5257-7ED2-400F-9EF7-40E0D3650C2B", versionEndExcluding: "4.1.100", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*", matchCriteriaId: "1B058776-B5B7-4079-B0AF-23F40926DCEC", vulnerable: true, }, { criteria: "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*", matchCriteriaId: "6D565975-EFD9-467C-B6E3-1866A4EF17A4", vulnerable: true, }, { criteria: "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*", matchCriteriaId: "6D487271-1B5E-4F16-B0CB-A7B8908935C6", vulnerable: true, }, { criteria: "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*", matchCriteriaId: "BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "A4A6F189-6C43-462D-85C9-B0EBDA8A4683", versionEndExcluding: "9.4.53", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "C993C920-85C0-4181-A95E-5D965A670738", versionEndExcluding: "10.0.17", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "08E79A8E-E12C-498F-AF4F-1AAA7135661E", versionEndExcluding: "11.0.17", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "F138D800-9A3B-4C76-8A3C-4793083A1517", versionEndExcluding: "12.0.2", versionStartIncluding: "12.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*", matchCriteriaId: "6341DDDA-AD27-4087-9D59-0A212F0037B4", versionEndExcluding: "2.7.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "328120E4-C031-44B4-9BE5-03B0CDAA066F", versionEndExcluding: "1.20.10", vulnerable: true, }, { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A", versionEndExcluding: "1.21.3", versionStartIncluding: "1.21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*", matchCriteriaId: "D7D2F801-6F65-4705-BCB9-D057EA54A707", versionEndExcluding: "0.17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*", matchCriteriaId: "801F25DA-F38C-4452-8E90-235A3B1A5FF0", versionEndExcluding: "0.17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D93F04AD-DF14-48AB-9F13-8B2E491CF42E", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7522C760-7E07-406F-BF50-5656D5723C4F", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"3A7F605E-EB10-40FB-98D6-7E3A95E310BC", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "783E62F2-F867-48F1-B123-D1227C970674", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6603ED6A-3366-4572-AFCD-B3D4B1EC7606", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "88978E38-81D3-4EFE-8525-A300B101FA69", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0510296F-92D7-4388-AE3A-0D9799C2FC4D", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D7698D6C-B1F7-43C1-BBA6-88E956356B3D", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "05E452AA-A520-4CBE-8767-147772B69194", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "596FC5D5-7329-4E39-841E-CAE937C02219", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "B3C7A168-F370-441E-8790-73014BCEC39F", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "CF16FD01-7704-40AB-ACB2-80A883804D22", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1769D69A-CB59-46B1-89B3-FB97DC6DEB9B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "9167FEC1-2C37-4946-9657-B4E69301FB24", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "7B4B3442-E0C0-48CD-87AD-060E15C9801E", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "20662BB0-4C3D-4CF0-B068-3555C65DD06C", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "59203EBF-C52A-45A1-B8DF-00E17E3EFB51", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C8F39403-C259-4D6F-9E9A-53671017EEDB", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "220F2D38-FA82-45EF-B957-7678C9FEDBC1", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5C698C1C-A3DD-46E2-B05A-12F2604E7F85", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "922AA845-530A-4B4B-9976-4CBC30C8A324", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F938EB43-8373-47EB-B269-C6DF058A9244", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1771493E-ACAA-477F-8AB4-25DB12F6AD6E", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "87670A74-34FE-45DF-A725-25B804C845B3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "C7E422F6-C4C2-43AC-B137-0997B5739030", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "CC3F710F-DBCB-4976-9719-CF063DA22377", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "67DB21AE-DF53-442D-B492-C4ED9A20B105", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", matchCriteriaId: "4C9FCBCB-9CE0-49E7-85C8-69E71D211912", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", matchCriteriaId: "112DFA85-90AD-478D-BD70-8C7C0C074F1B", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", matchCriteriaId: "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", matchCriteriaId: "21D51D9F-2840-4DEA-A007-D20111A1745C", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7BC1D037-74D2-4F92-89AD-C90F6CBF440B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", matchCriteriaId: "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866", versionEndIncluding: 
"13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", matchCriteriaId: "2FBCE2D1-9D93-415D-AB2C-2060307C305A", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", matchCriteriaId: "8070B469-8CC4-4D2F-97D7-12D0ABB963C1", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", matchCriteriaId: "A326597E-725D-45DE-BEF7-2ED92137B253", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "7B235A78-649B-46C5-B24B-AB485A884654", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "08B25AAB-A98C-4F89-9131-29E3A8C0ED23", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "98D2CE1E-DED0-470A-AA78-C78EF769C38E", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66", 
versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "BC36311E-BB00-4750-85C8-51F5A2604F07", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "A65D357E-4B40-42EC-9AAA-2B6CEF78C401", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "ABBD10E8-6054-408F-9687-B9BF6375CA09", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E6018B01-048C-43BB-A78D-66910ED60CA9", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "83794B04-87E2-4CA9-81F5-BB820D0F5395", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", 
matchCriteriaId: "D9EC2237-117F-43BD-ADEC-516CF72E04EF", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "29563719-1AF2-4BB8-8CCA-A0869F87795D", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "D24815DD-579A-46D1-B9F2-3BB2C56BC54D", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0A6E7035-3299-474F-8F67-945EA9A059D0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0360F76D-E75E-4B05-A294-B47012323ED9", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7A4607BF-41AC-4E84-A110-74E085FF0445", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "441CC945-7CA3-49C0-AE10-94725301E31D", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*", 
matchCriteriaId: "969C4F14-F6D6-46D6-B348-FC1463877680", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*", matchCriteriaId: "41AD5040-1250-45F5-AB63-63F333D49BCC", versionEndIncluding: "1.8.2", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8257AA59-C14D-4EC1-B22C-DFBB92CBC297", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FFF5007E-761C-4697-8D34-C064DF0ABE8D", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "910441D3-90EF-4375-B007-D51120A60AB2", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "667EB77B-DA13-4BA4-9371-EE3F3A109F38", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "8A6F9699-A485-4614-8F38-5A556D31617E", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "5A90F547-97A2-41EC-9FDF-25F869F0FA38", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "E76E1B82-F1DC-4366-B388-DBDF16C586A0", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "660137F4-15A1-42D1-BBAC-99A1D5BB398B", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "C446827A-1F71-4FAD-9422-580642D26AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "D47B7691-A95B-45C0-BAB4-27E047F3C379", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "2CD1637D-0E42-4928-867A-BA0FDB6E8462", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "3A599F90-F66B-4DF0-AD7D-D234F328BD59", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3D1B2000-C3FE-4B4C-885A-A5076EB164E1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A", versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F", versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6", versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", 
matchCriteriaId: "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F", versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8AB23AE6-245E-43D6-B832-933F8259F937", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "1188B4A9-2684-413C-83D1-E91C75AE0FCF", versionEndIncluding: "1.25.2", versionStartIncluding: "1.9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "3337609D-5291-4A52-BC6A-6A8D4E60EB20", versionEndIncluding: "2.4.2", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "6CF0ABD9-EB28-4966-8C31-EED7AFBF1527", versionEndIncluding: "3.3.0", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "F291CB34-47A4-425A-A200-087CC295AEC8", versionEndExcluding: "r29", versionStartIncluding: "r25", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*", matchCriteriaId: "5892B558-EC3A-43FF-A1D5-B2D9F70796F0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", matchCriteriaId: "96BF2B19-52C7-4051-BA58-CAE6F912B72F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B", versionEndIncluding: "8.5.93", versionStartIncluding: "8.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34", versionEndIncluding: "9.0.80", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "0765CC3D-AB1A-4147-8900-EF4C105321F2", versionEndIncluding: "10.1.13", versionStartIncluding: "10.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", matchCriteriaId: "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", matchCriteriaId: "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", matchCriteriaId: "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", matchCriteriaId: "2AAD52CE-94F5-4F98-A027-9A7E68818CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", matchCriteriaId: "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", matchCriteriaId: "03A171AF-2EC8-4422-912C-547CDB58CAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", matchCriteriaId: "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", matchCriteriaId: "49350A6E-5E1D-45B2-A874-3B8601B3ADCC", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", matchCriteriaId: "5F50942F-DF54-46C0-8371-9A476DD3EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", matchCriteriaId: "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", matchCriteriaId: "98792138-DD56-42DF-9612-3BDC65EEC117", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*", matchCriteriaId: "08190072-3880-4EF5-B642-BA053090D95B", versionEndExcluding: "1.28.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", matchCriteriaId: "5F4CDEA9-CB47-4881-B096-DA896E2364F3", versionEndExcluding: "1.56.3", vulnerable: true, }, { criteria: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", matchCriteriaId: "E65AF7BC-7DAE-408A-8485-FBED22815F75", versionEndIncluding: "1.59.2", vulnerable: true, }, { criteria: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", matchCriteriaId: "DD868DDF-C889-4F36-B5E6-68B6D9EA48CC", versionEndExcluding: "1.58.3", versionStartIncluding: "1.58.0", vulnerable: true, }, { criteria: "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*", matchCriteriaId: "FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "4496821E-BD55-4F31-AD9C-A3D66CBBD6BD", versionEndExcluding: "6.0.23", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "8DF7ECF6-178D-433C-AA21-BAE9EF248F37", versionEndExcluding: "7.0.12", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "1C3418F4-B8BF-4666-BB39-C188AB01F45C", versionEndExcluding: "6.0.23", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA", versionEndExcluding: "7.0.12", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*", matchCriteriaId: "3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314", versionEndExcluding: "2023-10-08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "16A8F269-E07E-402F-BFD5-60F3988A5EAF", versionEndExcluding: "17.2.20", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: 
"C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8", versionEndExcluding: "17.4.12", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "DA5834D4-F52F-41C0-AA11-C974FFEEA063", versionEndExcluding: "17.6.8", versionStartIncluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "2166106F-ACD6-4C7B-B0CC-977B83CC5F73", versionEndExcluding: "17.7.5", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", matchCriteriaId: "4CD49C41-6D90-47D3-AB4F-4A74169D3A8F", versionEndExcluding: "10.0.14393.6351", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", matchCriteriaId: "BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1", versionEndExcluding: "10.0.14393.6351", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", matchCriteriaId: "E500D59C-6597-45E9-A57B-BE26C0C231D3", versionEndExcluding: "10.0.17763.4974", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", matchCriteriaId: "C9F9A643-90C6-489C-98A0-D2739CE72F86", versionEndExcluding: "10.0.19044.3570", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", matchCriteriaId: "1814619C-ED07-49E0-A50A-E28D824D43BC", versionEndExcluding: "10.0.19045.3570", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", matchCriteriaId: "100A27D3-87B0-4E72-83F6-7605E3F35E63", versionEndExcluding: "10.0.22000.2538", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", matchCriteriaId: "C6A36795-0238-45C9-ABE6-3DCCF751915B", versionEndExcluding: "10.0.22621.2428", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { 
criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", matchCriteriaId: "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "C61F0294-5C7E-4DB2-8905-B85D0782F35F", versionEndExcluding: "18.18.2", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", matchCriteriaId: "69843DE4-4721-4F0A-A9B7-0F6DF5AAA388", versionEndExcluding: "20.8.1", versionStartIncluding: "20.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*", matchCriteriaId: "B25279EF-C406-4133-99ED-0492703E0A4E", versionEndExcluding: "2023-10-11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*", matchCriteriaId: "9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5", versionEndExcluding: "2023-10-10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*", matchCriteriaId: "9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C", versionEndExcluding: "2023.10.16.00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*", matchCriteriaId: "EDEB508E-0EBD-4450-9074-983DDF568AB4", versionEndExcluding: "3.6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", matchCriteriaId: "93A1A748-6C71-4191-8A16-A93E94E2CDE4", versionEndExcluding: "8.1.9", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", matchCriteriaId: 
"4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A", versionEndExcluding: "9.2.3", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*", matchCriteriaId: "6F70360D-6214-46BA-AF82-6AB01E13E4E9", versionEndExcluding: "2.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*", matchCriteriaId: "E2DA759E-1AF8-49D3-A3FC-1B426C13CA82", versionEndExcluding: "4.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", matchCriteriaId: "28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF", versionEndExcluding: "1.17.6", vulnerable: true, }, { criteria: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", matchCriteriaId: "F0C8E760-C8D2-483A-BBD4-6A6D292A3874", versionEndExcluding: "1.18.3", versionStartIncluding: "1.18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", matchCriteriaId: "5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7", versionEndExcluding: "1.19.1", versionStartIncluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*", matchCriteriaId: "050AE218-3871-44D6-94DA-12D84C2093CB", versionEndExcluding: "2023-10-10", vulnerable: true, }, ], negate: false, 
operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "B36BFFB0-C0EC-4926-A1DB-0B711C846A68", versionEndExcluding: "2.10.5", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "376EAF9B-E994-4268-9704-0A45EA30270F", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "F3D08335-C291-4623-B80C-3B14C4D1FA32", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*", matchCriteriaId: "FC4C66B1-42C0-495D-AE63-2889DE0BED84", versionEndExcluding: "2023-10-11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "8633E263-F066-4DD8-A734-90207207A873", versionEndIncluding: "2.12.5", versionStartIncluding: "2.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "34A23BD9-A0F4-4D85-8011-EAC93C29B4E8", vulnerable: true, }, { criteria: "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "27ED3533-A795-422F-B923-68BE071DC00D", vulnerable: true, }, { criteria: "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "45F7E352-3208-4188-A5B1-906E00DF9896", vulnerable: true, }, { criteria: "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*", matchCriteriaId: "DF89A8AD-66FE-439A-B732-CAAB304D765B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*", matchCriteriaId: "A400C637-AF18-4BEE-B57C-145261B65DEC", versionEndExcluding: 
"1.26.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*", matchCriteriaId: "653A5B08-0D02-4362-A8B1-D00B24C6C6F2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*", matchCriteriaId: "4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F0FD736A-8730-446A-BA3A-7B608DB62B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F4C504B6-3902-46E2-82B7-48AEC9CDD48D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B4BE2D6-43C3-4065-A213-5DB1325DC78F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*", matchCriteriaId: "1D54F5AE-61EC-4434-9D5F-9394A3979894", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*", matchCriteriaId: "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*", matchCriteriaId: "4E37E1B3-6F68-4502-85D6-68333643BDFF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "6D5A7736-A403-4617-8790-18E46CB74DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "33F13B03-69BF-4A8B-A0A0-7F47FD857461", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "9393119E-F018-463F-9548-60436F104195", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*", matchCriteriaId: "DC45EE1E-2365-42D4-9D55-92FA24E5ED3A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*", matchCriteriaId: "E567CD9F-5A43-4D25-B911-B5D0440698F4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*", matchCriteriaId: "68146098-58F8-417E-B165-5182527117C4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "CB4D6790-63E5-4043-B8BE-B489D649061D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*", matchCriteriaId: "78698F40-0777-4990-822D-02E1B5D0E2C0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", matchCriteriaId: "B87C8AD3-8878-4546-86C2-BF411876648C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*", matchCriteriaId: "EF03BDE8-602D-4DEE-BA5B-5B20FDF47741", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*", matchCriteriaId: "A58966CB-36AF-4E64-AB39-BE3A0753E155", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*", matchCriteriaId: "585BC540-073B-425B-B664-5EA4C00AFED6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", matchCriteriaId: "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "72A54BDA-311C-413B-8E4D-388AD65A170A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A305F012-544E-4245-9D69-1C8CD37748B1", vulnerable: true, }, { criteria: 
"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40CCE4F-EA2C-453D-BB76-6388767E5C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*", matchCriteriaId: "EF93A27E-AA2B-4C2E-9B8D-FE7267847326", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "2B12A3A8-6456-481A-A0C9-524543FCC149", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*", matchCriteriaId: "3C2E7E3C-A507-4AB2-97E5-4944D8775CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*", matchCriteriaId: "4E22EBF9-AA0D-4712-9D69-DD97679CE835", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*", matchCriteriaId: "941B114C-FBD7-42FF-B1D8-4EA30E99102C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "339CFB34-A795-49F9-BF6D-A00F3A1A4F63", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "8D044DBE-6F5A-4C53-828E-7B1A570CACFF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*", matchCriteriaId: "65203CA1-5225-4E55-A187-6454C091F532", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*", matchCriteriaId: "7BF8EFFB-5686-4F28-A68F-1A8854E098CE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*", matchCriteriaId: 
"5DA9B2E2-958B-478D-87D6-E5CDDCD44315", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*", matchCriteriaId: "B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*", matchCriteriaId: "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", matchCriteriaId: "97321212-0E07-4CC2-A917-7B5F61AB9A5A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*", matchCriteriaId: "DF390236-3259-4C8F-891C-62ACC4386CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*", matchCriteriaId: "C0AAA300-691A-4957-8B69-F6888CC971B1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*", matchCriteriaId: "45937289-2D64-47CB-A750-5B4F0D4664A0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*", matchCriteriaId: "B129311C-EB4B-4041-B85C-44D5E53FCAA3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "F1AB54DB-3FB4-41CB-88ED-1400FD22AB85", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*", matchCriteriaId: "77675CB7-67D7-44E9-B7FF-D224B3341AA5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*", matchCriteriaId: "A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*", matchCriteriaId: "9C877879-B84B-471C-80CF-0656521CA8AB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", matchCriteriaId: "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", matchCriteriaId: 
"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*", matchCriteriaId: "E315FC5C-FF19-43C9-A58A-CF2A5FF13824", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "20A6B40D-F991-4712-8E30-5FE008505CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B1987BDA-0113-4603-B9BE-76647EB043F2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", matchCriteriaId: "848C92A9-0677-442B-8D52-A448F2019903", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*", matchCriteriaId: "6F564701-EDC1-43CF-BB9F-287D6992C6CB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*", matchCriteriaId: "12B0CF2B-D1E1-4E20-846E-6F0D873499A9", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*", matchCriteriaId: "E8885C2C-7FB8-40CA-BCB9-B48C50BF2499", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*", matchCriteriaId: "9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", 
}, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*", matchCriteriaId: "A903C3AD-2D25-45B5-BF4A-A5BEB2286627", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*", matchCriteriaId: "EC5EBD2A-32A3-46D5-B155-B44DCB7F6902", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*", matchCriteriaId: "C2792650-851F-4820-B003-06A4BEA092D7", versionEndExcluding: "10.5.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "9F6B63B9-F4C9-4A3F-9310-E0918E1070D1", versionEndExcluding: "3.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "E6FF5F80-A991-43D4-B49F-D843E2BC5798", versionEndIncluding: "2.414.2", vulnerable: true, }, { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", matchCriteriaId: "54D25DA9-12D0-4F14-83E6-C69D0293AAB9", versionEndIncluding: "2.427", vulnerable: true, }, ], 
negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", matchCriteriaId: "8E1AFFB9-C717-4727-B0C9-5A0C281710E2", versionEndExcluding: "9.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", matchCriteriaId: "25C85001-E0AB-4B01-8EE7-1D9C77CD956E", versionEndExcluding: "1.21.4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*", matchCriteriaId: "F98F9D27-6659-413F-8F29-4FDB0882AAC5", versionEndExcluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "C98BF315-C563-47C2-BAD1-63347A3D1008", versionEndExcluding: "4.1.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*", matchCriteriaId: "705CBA49-21C9-4400-B7B9-71CDF9F97D8B", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "AA2BE0F1-DD16-4876-8EBA-F187BD38B159", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "796B6C58-2140-4105-A2A1-69865A194A75", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*", matchCriteriaId: "DEA99DC6-EA03-469F-A8BE-7F96FDF0B333", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*", matchCriteriaId: "6560DBF4-AFE6-4672-95DE-74A0B8F4170A", versionEndExcluding: "x14.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "84785919-796D-41E5-B652-6B5765C81D4A", versionEndExcluding: "7.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*", matchCriteriaId: 
"92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E", versionEndExcluding: "4.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*", matchCriteriaId: "6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD", versionEndExcluding: "9.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "4FE2F959-1084-48D1-B1F1-8182FC9862DD", versionEndExcluding: "7.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", versionEndExcluding: "3.10.4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*", matchCriteriaId: "1BB6B48E-EA36-40A0-96D0-AF909BEC1147", versionEndExcluding: "11.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*", matchCriteriaId: "2CBED844-7F94-498C-836D-8593381A9657", versionEndExcluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510", versionEndExcluding: "2.19.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*", matchCriteriaId: "358FA1DC-63D3-49F6-AC07-9E277DD0D9DA", versionEndExcluding: "x14.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*", matchCriteriaId: "BFF2D182-7599-4B81-B56B-F44EDA1384C0", versionEndExcluding: "2024.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*", matchCriteriaId: "4868BCCA-24DE-4F24-A8AF-B3A545C0396E", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*", matchCriteriaId: "194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A", versionEndExcluding: "2024.02.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*", matchCriteriaId: "BEC75F99-C7F0-47EB-9032-C9D3A42EBA20", versionEndExcluding: "2024.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*", matchCriteriaId: "B6638F4E-16F7-447D-B755-52640BCB1C61", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "AC34F742-530E-4AB4-8AFC-D1E088E256B4", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*", matchCriteriaId: "D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*", matchCriteriaId: "E22AD683-345B-4E16-BB9E-E9B1783E09AD", versionEndExcluding: "12.6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*", matchCriteriaId: "D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*", matchCriteriaId: "2955BEE9-F567-4006-B96D-92E10FF84DB4", versionEndExcluding: "1.22", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", matchCriteriaId: "67502878-DB20-4410-ABA0-A1C5705064CD", versionEndExcluding: "17.15.1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", matchCriteriaId: "177DED2D-8089-4494-BDD9-7F84FC06CD5B", versionEndExcluding: "7.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54A29FD3-4128-4333-8445-A7DD04A6ECF6", versionEndExcluding: "15.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*", matchCriteriaId: "67074526-9933-46B3-9FE3-A0BE73C5E8A7", vulnerable: false, }, ], 
negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", matchCriteriaId: "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9", versionEndExcluding: "10.2\\(7\\)", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", matchCriteriaId: "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88", versionEndExcluding: "10.3\\(5\\)", versionStartIncluding: "10.3\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*", matchCriteriaId: "528ED62B-D739-4E06-AC64-B506FD73BBAB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*", matchCriteriaId: "2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", matchCriteriaId: "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*", matchCriteriaId: "76C10D85-88AC-4A79-8866-BED88A0F8DF8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*", matchCriteriaId: "09AC2BAD-F536-48D0-A2F0-D4E290519EB6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*", matchCriteriaId: "65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*", matchCriteriaId: "ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*", matchCriteriaId: "5F4E8EE4-031D-47D3-A12E-EE5F792172EE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*", matchCriteriaId: "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*", matchCriteriaId: "41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*", matchCriteriaId: 
"A8FF2EC4-0C09-4C00-9956-A2A4A894F63D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*", matchCriteriaId: "D14D4B4E-120E-4607-A4F1-447C7BF3052E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*", matchCriteriaId: "15702ACB-29F3-412D-8805-E107E0729E35", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*", matchCriteriaId: "4E930332-CDDD-48D5-93BC-C22D693BBFA2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*", matchCriteriaId: "29B34855-D8D2-4114-80D2-A4D159C62458", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*", matchCriteriaId: "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*", matchCriteriaId: "F4226DA0-9371-401C-8247-E6E636A116C3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*", matchCriteriaId: "7664666F-BCE4-4799-AEEA-3A73E6AD33F4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*", matchCriteriaId: "D3DBBFE9-835C-4411-8492-6006E74BAC65", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*", matchCriteriaId: "B3293438-3D18-45A2-B093-2C3F65783336", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*", matchCriteriaId: "C97C29EE-9426-4BBE-8D84-AB5FF748703D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "E142C18F-9FB5-4D96-866A-141D7D16CAF7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "8F43B770-D96C-44EA-BC12-9F39FC4317B9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*", matchCriteriaId: "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*", matchCriteriaId: 
"7817F4E6-B2DA-4F06-95A4-AF329F594C02", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*", matchCriteriaId: "CED628B5-97A8-4B26-AA40-BEC854982157", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "7BB9DD73-E31D-4921-A6D6-E14E04703588", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "8EFC116A-627F-4E05-B631-651D161217C8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*", matchCriteriaId: "4532F513-0543-4960-9877-01F23CA7BA1B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*", matchCriteriaId: "0B43502B-FD53-465A-B60F-6A359C6ACD99", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*", matchCriteriaId: "32A532C0-B0E3-484A-B356-88970E7D0248", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*", matchCriteriaId: "1C84D24C-2256-42AF-898A-221EBE9FE1E4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*", matchCriteriaId: "652A2849-668D-4156-88FB-C19844A59F33", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*", matchCriteriaId: "D008CA1C-6F5A-40EA-BB12-A9D84D5AF700", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*", matchCriteriaId: "24FBE87B-8A4F-43A8-98A3-4A7D9C630937", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*", matchCriteriaId: "6ACD09AC-8B28-4ACB-967B-AB3D450BC137", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*", matchCriteriaId: "43913A0E-50D5-47DD-94D8-DD3391633619", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*", matchCriteriaId: "7D397349-CCC6-479B-9273-FB1FFF4F34F2", 
vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*", matchCriteriaId: "DC7286A7-780F-4A45-940A-4AD5C9D0F201", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*", matchCriteriaId: "CA52D5C1-13D8-4D23-B022-954CCEF491F1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*", matchCriteriaId: "5F7AF8D7-431B-43CE-840F-CC0817D159C0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*", matchCriteriaId: "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", matchCriteriaId: "A8E1073F-D374-4311-8F12-AD8C72FAA293", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*", matchCriteriaId: "EAF5AF71-15DF-4151-A1CF-E138A7103FC8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*", matchCriteriaId: "10F80A72-AD54-4699-B8AE-82715F0B58E2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*", matchCriteriaId: "E505C0B1-2119-4C6A-BF96-C282C633D169", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*", matchCriteriaId: "088C0323-683A-44F5-8D42-FF6EC85D080E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*", matchCriteriaId: "74CB4002-7636-4382-B33E-FBA060A13C34", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*", matchCriteriaId: "915EF8F6-6039-4DD0-B875-30D911752B74", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*", matchCriteriaId: "10CEBF73-3EE0-459A-86C5-F8F6243FE27C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*", matchCriteriaId: "97217080-455C-48E4-8CE1-6D5B9485864F", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*", matchCriteriaId: "95D2C4C3-65CE-4612-A027-AF70CEFC3233", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*", matchCriteriaId: "57572E4A-78D5-4D1A-938B-F05F01759612", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", matchCriteriaId: "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9", versionEndExcluding: "10.2\\(7\\)", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", matchCriteriaId: "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88", versionEndExcluding: "10.3\\(5\\)", versionStartIncluding: "10.3\\(1\\)", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*", matchCriteriaId: "0CD9C1F1-8582-4F67-A77D-97CBFECB88B8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*", matchCriteriaId: "532CE4B0-A3C9-4613-AAAF-727817D06FB4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*", matchCriteriaId: "24CA1A59-2681-4507-AC74-53BD481099B9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", matchCriteriaId: "4283E433-7F8C-4410-B565-471415445811", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*", matchCriteriaId: "FFB9FDE8-8533-4F65-BF32-4066D042B2F7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*", matchCriteriaId: "F80AB6FB-32FD-43D7-A9F1-80FA47696210", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "3AA5389A-8AD1-476E-983A-54DF573C30F5", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*", matchCriteriaId: 
"D5B2E4C1-2627-4B9D-8E92-4B483F647651", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "C1B1A8F1-45B1-4E64-A254-7191FA93CB6D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*", matchCriteriaId: "83DA8BFA-D7A2-476C-A6F5-CAE610033BC2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*", matchCriteriaId: "557ED31C-C26A-4FAE-8B14-D06B49F7F08B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*", matchCriteriaId: "11411BFD-3F4D-4309-AB35-A3629A360FB0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "DB2FFD26-8255-4351-8594-29D2AEFC06EF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*", matchCriteriaId: "E663DE91-C86D-48DC-B771-FA72A8DF7A7C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "61E10975-B47E-4F4D-8096-AEC7B7733612", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*", matchCriteriaId: "92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "A90184B3-C82F-4CE5-B2AD-97D5E4690871", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*", matchCriteriaId: "40E40F42-632A-47DF-BE33-DC25B826310B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", matchCriteriaId: "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*", matchCriteriaId: "C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*", 
matchCriteriaId: "16C64136-89C2-443C-AF7B-BED81D3DE25A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*", matchCriteriaId: "BBEF7F26-BB47-44BD-872E-130820557C23", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", matchCriteriaId: "07DE6F63-2C7D-415B-8C34-01EC05C062F3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "182000E0-8204-4D8B-B7DE-B191AFE12E28", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*", matchCriteriaId: "F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*", matchCriteriaId: "F423E45D-A6DD-4305-9C6A-EAB26293E53A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "BDC208BC-7E19-48C6-A20E-A79A51B7362C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "102F91CD-DFB6-43D4-AE5B-DA157A696230", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "E952A96A-0F48-4357-B7DD-1127D8827650", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "084D0191-563B-4FF0-B589-F35DA118E1C6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "B7DB6FC5-762A-4F16-AE8C-69330EFCF640", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "F70D81F1-8B12-4474-9060-B4934D8A3873", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*", matchCriteriaId: "5394DE31-3863-4CA9-B7B1-E5227183100D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "968390BC-B430-4903-B614-13104BFAE635", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", matchCriteriaId: "7349D69B-D8FA-4462-AA28-69DD18A652D9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*", matchCriteriaId: "FE4BB834-2C00-4384-A78E-AF3BCDDC58AF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*", matchCriteriaId: "B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*", matchCriteriaId: "E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*", matchCriteriaId: "7CE49B45-F2E9-491D-9C29-1B46E9CE14E2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "4BFAD21E-59EE-4CCE-8F1E-621D2EA50905", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "91231DC6-2773-4238-8C14-A346F213B5E5", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", matchCriteriaId: "2DF88547-BAF4-47B0-9F60-80A30297FCEB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*", matchCriteriaId: "02C3CE6D-BD54-48B1-A188-8E53DA001424", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*", matchCriteriaId: "498991F7-39D6-428C-8C7D-DD8DC72A0346", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", matchCriteriaId: "113772B6-E9D2-4094-9468-3F4E1A87D07D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "F7B90D36-5124-4669-8462-4EAF35B0F53D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "C45A38D6-BED6-4FEF-AD87-A1E813695DE0", vulnerable: false, }, { 
criteria: "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "F1FC2B1F-232E-4754-8076-CC82F3648730", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*", matchCriteriaId: "7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*", matchCriteriaId: "5F1127D2-12C0-454F-91EF-5EE334070D06", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*", matchCriteriaId: "7D6EB963-E0F2-4A02-8765-AB2064BE19E9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*", matchCriteriaId: "785FD17C-F32E-4042-9DDE-A89B3AAE0334", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "DEAAF99B-5406-4722-81FB-A91CBAC2DF41", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*", matchCriteriaId: "73DC1E93-561E-490C-AE0E-B02BAB9A7C8E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*", matchCriteriaId: "12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", matchCriteriaId: "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "2CF467E2-4567-426E-8F48-39669E0F514C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", matchCriteriaId: "63842B25-8C32-4988-BBBD-61E9CB09B4F3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "68EA1FEF-B6B6-49FE-A0A4-5387F76303F8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*", matchCriteriaId: "40D6DB7F-C025-4971-9615-73393ED61078", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*", matchCriteriaId: "4364ADB9-8162-451D-806A-B98924E6B2CF", vulnerable: 
false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*", matchCriteriaId: "B53BCB42-ED61-4FCF-8068-CB467631C63C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "737C724A-B6CD-4FF7-96E0-EBBF645D660E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "7067AEC7-DFC8-4437-9338-C5165D9A8F36", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*", matchCriteriaId: "49E0371B-FDE2-473C-AA59-47E1269D050F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*", matchCriteriaId: "489D11EC-5A18-4F32-BC7C-AC1FCEC27222", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "71D4CF15-B293-4403-A1A9-96AD3933BAEF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "DBCC1515-2DBE-4DF2-8E83-29A869170F36", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", matchCriteriaId: "1BC5293E-F2B4-46DC-85DA-167EA323FCFD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "7282AAFF-ED18-4992-AC12-D953C35EC328", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", matchCriteriaId: "EA022E77-6557-4A33-9A3A-D028E2DB669A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "360409CC-4172-4878-A76B-EA1C1F8C7A79", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*", matchCriteriaId: "D8D5D5E2-B40B-475D-9EF3-8441016E37E9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*", matchCriteriaId: "FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", matchCriteriaId: "63BE0266-1C00-4D6A-AD96-7F82532ABAA7", vulnerable: false, 
}, { criteria: "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*", matchCriteriaId: "73F59A4B-AE92-4533-8EDC-D1DD850309FF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*", matchCriteriaId: "492A2C86-DD38-466B-9965-77629A73814F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*", matchCriteriaId: "1FB7AA46-4018-4925-963E-719E1037F759", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*", matchCriteriaId: "31B9D1E4-10B9-4B6F-B848-D93ABF6486D6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*", matchCriteriaId: "CB270C45-756E-400A-979F-D07D750C881A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*", matchCriteriaId: "4E8A085C-2DBA-4269-AB01-B16019FBB4DA", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*", matchCriteriaId: "A79DD582-AF68-44F1-B640-766B46EF2BE2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*", matchCriteriaId: "B04484DA-AA59-4833-916E-6A8C96D34F0D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", matchCriteriaId: "768BE390-5ED5-48A7-9E80-C4DE8BA979B1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "D07B5399-44C7-468D-9D57-BB5B5E26CE50", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", matchCriteriaId: "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*", matchCriteriaId: "B76FB64F-16F0-4B0B-B304-B46258D434BA", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", matchCriteriaId: "7E02DC82-0D26-436F-BA64-73C958932B0A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*", matchCriteriaId: 
"2E128053-834B-4DD5-A517-D14B4FC2B56F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*", matchCriteriaId: "163743A1-09E7-4EC5-8ECA-79E4B9CE173B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*", matchCriteriaId: "CE340E4C-DC48-4FC8-921B-EE304DB5AE0A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "C367BBE0-D71F-4CB5-B50E-72B033E73FE1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*", matchCriteriaId: "85E1D224-4751-4233-A127-A041068C804A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*", matchCriteriaId: "BD31B075-01B1-429E-83F4-B999356A0EB9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*", matchCriteriaId: "A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*", matchCriteriaId: "3284D16F-3275-4F8D-8AE4-D413DE19C4FA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", }, { lang: "es", value: "El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchos flujos (streams) rápidamente, como se explotó en ataques reales entre agosto y octubre de 2023.", }, ], id: "CVE-2023-44487", lastModified: "2025-03-07T19:15:36.157", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-10T14:15:10.883", references: [ { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2023/10/10/6", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2023/10/10/7", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: 
"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Vendor Advisory", ], url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://blog.vespa.ai/cve-2023-44487/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Vendor Advisory", ], url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Vendor Advisory", ], url: 
"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/Azure/AKS/issues/3947", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/Kong/kong/discussions/11741", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/akka/akka-http/issues/4323", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/alibaba/tengine/issues/1872", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/apache/apisix/issues/10320", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: 
"https://github.com/apache/httpd-site/pull/10", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { source: "cve@mitre.org", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/trafficserver/pull/10564", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/bcdannyboy/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/caddyserver/caddy/issues/5877", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://github.com/dotnet/announcements/issues/277", }, { source: "cve@mitre.org", tags: [ "Product", "Release Notes", ], url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/eclipse/jetty.project/issues/10679", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/envoyproxy/envoy/pull/30055", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/etcd-io/etcd/issues/16740", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/facebook/proxygen/pull/466", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/golang/go/issues/63417", }, { source: 
"cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/grpc/grpc-go/pull/6703", }, { source: "cve@mitre.org", url: "https://github.com/grpc/grpc/releases/tag/v1.59.2", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/h2o/h2o/pull/3291", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/haproxy/haproxy/issues/2312", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/line/armeria/pull/5232", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/micrictor/http2-rst-stream", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: 
"https://github.com/nghttp2/nghttp2/pull/1961", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/ninenines/cowboy/issues/1615", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/nodejs/node/pull/50121", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/openresty/openresty/issues/930", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/projectcontour/contour/pull/5826", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Release Notes", "Vendor Advisory", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { source: 
"cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { source: 
"cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { 
source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://my.f5.com/manage/s/article/K000137106", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37830987", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Press/Media Coverage", ], url: "https://news.ycombinator.com/item?id=37830998", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37831062", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37837043", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { source: "cve@mitre.org", tags: [ "Third Party 
Advisory", ], url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://ubuntu.com/security/CVE-2023-44487", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { source: "cve@mitre.org", tags: [ "Mailing 
List", "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "Vendor Advisory", ], url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", ], url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { source: "cve@mitre.org", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", 
"Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Vendor Advisory", ], url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "Vendor Advisory", ], url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://blog.vespa.ai/cve-2023-44487/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: 
"https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Vendor Advisory", ], url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Vendor Advisory", ], url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: 
"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/Azure/AKS/issues/3947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/Kong/kong/discussions/11741", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/akka/akka-http/issues/4323", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/alibaba/tengine/issues/1872", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/apache/apisix/issues/10320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/apache/httpd-site/pull/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/trafficserver/pull/10564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/bcdannyboy/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://github.com/caddyserver/caddy/issues/5877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://github.com/dotnet/announcements/issues/277", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Release Notes", ], url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/eclipse/jetty.project/issues/10679", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/envoyproxy/envoy/pull/30055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/etcd-io/etcd/issues/16740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/facebook/proxygen/pull/466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/golang/go/issues/63417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/grpc/grpc-go/pull/6703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/h2o/h2o/pull/3291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], 
url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/haproxy/haproxy/issues/2312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/line/armeria/pull/5232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/micrictor/http2-rst-stream", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Release Notes", ], url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/ninenines/cowboy/issues/1615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/nodejs/node/pull/50121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/openresty/openresty/issues/930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/projectcontour/contour/pull/5826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Release Notes", "Vendor Advisory", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: 
"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://my.f5.com/manage/s/article/K000137106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37830987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Press/Media Coverage", ], url: "https://news.ycombinator.com/item?id=37830998", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37831062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://news.ycombinator.com/item?id=37837043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: 
[ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://ubuntu.com/security/CVE-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Mailing List", "Vendor Advisory", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "Vendor Advisory", ], url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", ], url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Press/Media Coverage", "Third Party Advisory", ], url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause", }, ], 
sourceIdentifier: "cve@mitre.org", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/traefik/traefik/releases/tag/v2.8.8 | Release Notes, Third Party Advisory | |
security-advisories@github.com | https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5 | Release Notes, Third Party Advisory | |
security-advisories@github.com | https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/traefik/traefik/releases/tag/v2.8.8 | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5 | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "BC4B4129-B55E-49A3-AC70-58189BF6F4E9", versionEndExcluding: "2.8.8", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:2.9.0:rc1:*:*:*:*:*:*", matchCriteriaId: "FCCE16AF-C4D4-4214-BD57-5F45CA12B84B", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:2.9.0:rc2:*:*:*:*:*:*", matchCriteriaId: "B462AF00-590B-400C-B219-685BBC1E16AB", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:2.9.0:rc3:*:*:*:*:*:*", matchCriteriaId: "45A346C6-2494-4C72-A606-746554E933B5", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:2.9.0:rc4:*:*:*:*:*:*", matchCriteriaId: "BD36BBFB-A14F-4B93-95B6-83FC5C67F4B9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.", }, { lang: "es", value: "Traefik (pronunciado tráfico) es un moderno proxy inverso HTTP y equilibrador de carga que ayuda a desplegar microservicios. Se presenta una vulnerabilidad potencial en Traefik al administrar las conexiones HTTP/2. Una conexión de servidor HTTP/2 que es cerrada podría colgarse para siempre debido a un error fatal posterior. Este modo de fallo podría ser explotado para causar una denegación de servicio. Ha sido publicado un parche en versiones 2.8.8 y 2.9.0-rc5. 
Actualmente no se presentan mitigaciones conocidas", }, ], id: "CVE-2022-39271", lastModified: "2024-11-21T07:17:55.623", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-11T14:15:09.883", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.8.8", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.8.8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third 
Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "AB0C6F34-0937-44ED-B248-F7B63DDA7820", versionEndIncluding: "2.10.5", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*", matchCriteriaId: "376EAF9B-E994-4268-9704-0A45EA30270F", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*", matchCriteriaId: "F3D08335-C291-4623-B80C-3B14C4D1FA32", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*", matchCriteriaId: "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D", vulnerable: true, }, { criteria: "cpe:2.3:a:traefik:traefik:3.0.0:beta4:*:*:*:*:*:*", matchCriteriaId: "4B5B7BC8-0BBF-48DC-86B1-FC3D7CB8D5AD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "Traefik es un equilibrador de carga y proxy inverso HTTP de código abierto. Cuando se envía una solicitud a Traefik con un fragmento de URL, Traefik codifica automáticamente la URL y reenvía el fragmento al servidor backend. Esto viola RFC 7230 porque en el formulario de origen la URL solo debe contener la ruta absoluta y la consulta. 
Cuando esto se combina con otro proxy de interfaz como Nginx, se puede utilizar para evitar las restricciones de control de acceso basadas en URI del proxy de interfaz. Esta vulnerabilidad se ha solucionado en las versiones 2.10.6 y 3.0.0-beta5. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.", }, ], id: "CVE-2023-47106", lastModified: "2024-11-21T08:29:47.303", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T21:15:33.600", references: [ { source: "security-advisories@github.com", tags: [ "Not Applicable", ], url: "https://datatracker.ietf.org/doc/html/rfc7230#section-5.3.1", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://datatracker.ietf.org/doc/html/rfc7230#section-5.3.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v2.10.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "6AE4F485-8B9A-4136-928F-31D7072F71D0", versionEndExcluding: "2.4.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading.", }, { lang: "es", value: "Traefik es un proxy inverso HTTP y un equilibrador de carga. Anterior a versión 2.4.13, se presentaba una potencial vulnerabilidad de encabezado en el manejo del encabezado Connection de Traefik. Una explotación activa de este problema es poco probable, ya que requiere que un encabezado eliminado conllevaría a una escalada de privilegios, sin embargo, el equipo de Traefik ha abordado este problema para impedir cualquier abuso potencial. Si uno presenta una cadena de middlewares de Traefik, y uno de ellos establece un encabezado de petición, entonces el envío de una petición con una determinado encabezado de conexión causará que se elimine antes de que se envíe la petición. En este caso, el backend no visualiza la cabecera de petición. Se presenta un parche disponible en la versión 2.4.13. 
No hay soluciones conocidas aparte de la actualización", }, ], id: "CVE-2021-32813", lastModified: "2024-11-21T06:07:48.107", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-03T23:15:07.370", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.4.13", }, { source: 
"security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.4.13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-913", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-913", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.traefik.io/configuration/api/#security | Exploit, Vendor Advisory | |
cve@mitre.org | https://github.com/containous/traefik/issues/4917 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/containous/traefik/pull/4918 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.traefik.io/configuration/api/#security | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/containous/traefik/issues/4917 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/containous/traefik/pull/4918 | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "6C4D325D-3CB4-480F-97F0-3B0DFF21172F", versionEndIncluding: "1.7.11", versionStartIncluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. These can be found in the JSON response to a /api request.", }, { lang: "es", value: "En el archivo types/types.go en Containous Traefik versión 1.7.x hasta 1.7.11, cuando el indicador --api es usado y la API esta publicamente accesible y expuesta sin un suficiente control de acceso (que es contrario a la documentación de la API), permite a los usuarios autenticados remotos descubrir hashes de contraseña leyendo la secciones Basic HTTP Authentication o Digest HTTP Authentication, o encontrando una clave mediante la lectura de la sección ClientTLS. 
Estos se pueden encontrar en la respuesta JSON a una petición /api.", }, ], id: "CVE-2019-12452", lastModified: "2024-11-21T04:22:52.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-29T19:29:00.580", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://docs.traefik.io/configuration/api/#security", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/containous/traefik/issues/4917", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/4918", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://docs.traefik.io/configuration/api/#security", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/containous/traefik/issues/4917", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], 
url: "https://github.com/containous/traefik/pull/4918", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "F629DB16-8E4D-4447-B603-6A6463378267", versionEndExcluding: "2.9.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix their TLS options.", }, { lang: "es", value: "Traefik es un equilibrador de carga y proxy inverso HTTP de código abierto. En las versiones afectadas existe una vulnerabilidad potencial en Traefik que gestiona las conexiones TLS. Un router configurado con una TLSOption mal formateada se expone con una TLSOption vacía. Por ejemplo, una ruta asegurada mediante una conexión mTLS configurada con un archivo CA incorrecto queda expuesta sin verificar los certificados del cliente. Se recomienda a los usuarios que actualicen a la versión 2.9.6. 
Los usuarios que no puedan actualizar deben verificar sus registros para detectar los mensajes de error y corregir sus opciones de TLS.", }, ], id: "CVE-2022-46153", lastModified: "2024-11-21T07:30:12.953", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-08T22:15:10.563", references: [ { source: "security-advisories@github.com", tags: [ "Product", "Vendor Advisory", ], url: "https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/commit/7e3fe48b80083b41e9ff82a474a36484cabc701a", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.6", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-468w-8x39-gj5v", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: 
"https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/commit/7e3fe48b80083b41e9ff82a474a36484cabc701a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-468w-8x39-gj5v", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/traefik/traefik/pull/9574 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/traefik/traefik/releases/tag/v2.9.6 | Release Notes, Third Party Advisory | |
security-advisories@github.com | https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/traefik/traefik/pull/9574 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/traefik/traefik/releases/tag/v2.9.6 | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp | Exploit, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "F629DB16-8E4D-4447-B603-6A6463378267", versionEndExcluding: "2.9.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.", }, { lang: "es", value: "Traefik es un equilibrador de carga y proxy inverso HTTP de código abierto. Las versiones anteriores a la 2.9.6 están sujetas a una vulnerabilidad potencial en Traefik al mostrar el encabezado Autorización en sus registros de depuración. En ciertos casos, si el nivel de registro está configurado en DEBUG, las credenciales proporcionadas mediante el encabezado Autorización se muestran en los registros de depuración. Los atacantes deben tener acceso al sistema de registro de usuarios para poder robar las credenciales. Este problema se solucionó en la versión 2.9.6. Se recomienda a los usuarios que actualicen. 
Los usuarios que no puedan actualizar pueden configurar el nivel de registro en \"INFO\", \"WARN\" o \"ERROR\".", }, ], id: "CVE-2022-23469", lastModified: "2024-11-21T06:48:37.487", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-08T22:15:10.043", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/pull/9574", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.6", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/pull/9574", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/releases/tag/v2.9.6", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", matchCriteriaId: "D1A711BA-D8DB-4F9E-BC23-D1B8FE93A726", versionEndExcluding: "1.6.6", versionStartIncluding: "1.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.", }, { lang: "es", value: "Containous Traefik en versiones 1.6.x anteriores a la 1.6.6, cuando se usa --api, expone la configuración y el secreto si falta la autenticación y el puerto de la API es alcanzable públicamente.", }, ], id: "CVE-2018-15598", lastModified: "2024-11-21T03:51:08.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-21T01:29:00.227", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/3790", }, { source: "cve@mitre.org", tags: [ "Third Party 
Advisory", ], url: "https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/containous/traefik/releases/tag/v1.6.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/3790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/containous/traefik/releases/tag/v1.6.6", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202310-0175
Vulnerability from variot
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section.
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
Description:
nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.
The following data is constructed from data provided by Red Hat's json file at:
https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Important: dotnet6.0 security update Advisory ID: RHSA-2023:5710-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5710 Issue date: 2023-10-16 Revision: 01 CVE Names: CVE-2023-44487 ====================================================================
Summary:
An update for dotnet6.0 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23.
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2023-44487
References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024
nghttp2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in nghttp2.
Software Description: - nghttp2: HTTP/2 C Library and tools
Details:
It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)
It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)
It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2
Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2
Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5558-1 security@debian.org https://www.debian.org/security/ Markus Koschany November 18, 2023 https://www.debian.org/security/faq
Package : netty CVE ID : CVE-2023-34462 CVE-2023-44487 Debian Bug : 1038947 1054234
Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.
CVE-2023-34462
It might be possible for a remote peer to send a client hello packet during
a TLS handshake which leads the server to buffer up to 16 MB of data per
connection. This could lead to an OutOfMemoryError and so result in a denial
of service.
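CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly. This problem is also known as Rapid Reset Attack.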
For the oldstable distribution (bullseye), these problems have been fixed in version 1:4.1.48-4+deb11u2.
For the stable distribution (bookworm), these problems have been fixed in version 1:4.1.48-7+deb12u1.
We recommend that you upgrade your netty packages.
For the detailed security status of netty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netty
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97 UNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0 eamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH 1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB eAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g SUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza Da8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1 g6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom rrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0 P3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg O6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI= =4ExT -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "node maintenance operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip ssl orchestrator", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "jboss core services", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { 
model: "go", scope: "gte", trust: 1, vendor: "golang", version: "1.21.0", }, { model: "istio", scope: "lt", trust: 1, vendor: "istio", version: "1.19.1", }, { model: "big-ip advanced web application firewall", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "crosswork zero touch provisioning", scope: "lt", trust: 1, vendor: "cisco", version: "6.0.0", }, { model: "big-ip policy enforcement manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "integration camel for spring boot", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "windows 10 1809", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.17763.4974", }, { model: "big-ip global traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip application security manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip ddos hybrid defender", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip carrier-grade nat", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "advanced cluster security", scope: "eq", trust: 1, vendor: "redhat", version: "4.0", }, { model: "expressway", scope: "lt", trust: 1, vendor: "cisco", version: "x14.3.3", }, { model: "ultra cloud core - policy control function", scope: "eq", trust: 1, vendor: "cisco", version: "2024.01.0", }, { model: "traffic server", scope: "gte", trust: 1, vendor: "apache", version: "9.0.0", }, { model: "big-ip policy enforcement manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "visual studio 2022", scope: "gte", trust: 1, vendor: "microsoft", version: "17.6", }, { model: "big-ip domain name system", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "11.0", }, { model: "big-ip application visibility and reporting", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: 
"openshift container platform", scope: "eq", trust: 1, vendor: "redhat", version: "4.0", }, { model: "big-ip advanced firewall manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip advanced firewall manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "satellite", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "big-ip policy enforcement manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "crosswork data gateway", scope: "lt", trust: 1, vendor: "cisco", version: "4.1.3", }, { model: "big-ip application security manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "nx-os", scope: "lt", trust: 1, vendor: "cisco", version: "10.2\\(7\\)", }, { model: "nginx plus", scope: "gte", trust: 1, vendor: "f5", version: "r25", }, { model: "big-ip advanced web application firewall", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip websafe", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "service interconnect", scope: "eq", trust: 1, vendor: "redhat", version: "1.0", }, { model: "fog director", scope: "lt", trust: 1, vendor: "cisco", version: "1.22", }, { model: "unified contact center domain manager", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "big-ip access policy manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip advanced web application firewall", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "asp.net core", scope: "lt", trust: 1, vendor: "microsoft", version: "7.0.12", }, { model: "migration toolkit for applications", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "big-ip carrier-grade nat", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip ddos hybrid defender", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "crosswork data gateway", scope: 
"eq", trust: 1, vendor: "cisco", version: "5.0", }, { model: "big-ip global traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "go", scope: "lt", trust: 1, vendor: "golang", version: "1.20.10", }, { model: "big-ip link controller", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip local traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip webaccelerator", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: ".net", scope: "lt", trust: 1, vendor: "microsoft", version: "6.0.23", }, { model: "ultra cloud core - policy control function", scope: "lt", trust: 1, vendor: "cisco", version: "2024.01.0", }, { model: "big-ip domain name system", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "enterprise chat and email", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "tomcat", scope: "lte", trust: 1, vendor: "apache", version: "8.5.93", }, { model: "proxygen", scope: "lt", trust: 1, vendor: "facebook", version: "2023.10.16.00", }, { model: "big-ip application acceleration manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip link controller", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "process automation", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "big-ip local traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip application acceleration manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "build of optaplanner", scope: "eq", trust: 1, vendor: "redhat", version: "8.0", }, { model: "jenkins", scope: "lte", trust: 1, vendor: "jenkins", version: "2.427", }, { model: "visual studio 2022", scope: "lt", trust: 1, vendor: "microsoft", version: "17.7.5", }, { model: "telepresence video communication server", scope: "lt", trust: 1, vendor: "cisco", version: "x14.3.3", }, { 
model: "big-ip analytics", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip fraud protection service", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip ssl orchestrator", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip global traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip policy enforcement manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip webaccelerator", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip application visibility and reporting", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "nginx plus", scope: "eq", trust: 1, vendor: "f5", version: "r30", }, { model: "big-ip application visibility and reporting", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "node.js", scope: "lt", trust: 1, vendor: "nodejs", version: "20.8.1", }, { model: "big-ip carrier-grade nat", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "swiftnio http\\/2", scope: "lt", trust: 1, vendor: "apple", version: "1.28.0", }, { model: "linkerd", scope: "eq", trust: 1, vendor: "linkerd", version: "2.13.0", }, { model: "caddy", scope: "lt", trust: 1, vendor: "caddyserver", version: "2.7.5", }, { model: "tomcat", scope: "gte", trust: 1, vendor: "apache", version: "10.1.0", }, { model: "astra control center", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "fence agents remediation operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "cert-manager operator for red hat openshift", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip ddos hybrid defender", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "advanced cluster management for kubernetes", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "big-ip analytics", scope: "gte", trust: 
1, vendor: "f5", version: "14.1.0", }, { model: "solr", scope: "lt", trust: 1, vendor: "apache", version: "9.4.0", }, { model: "big-ip webaccelerator", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip local traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "secure web appliance", scope: "lt", trust: 1, vendor: "cisco", version: "15.1.0", }, { model: "big-ip local traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip websafe", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip global traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "3scale api management platform", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "big-ip fraud protection service", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "http", scope: "eq", trust: 1, vendor: "ietf", version: "2.0", }, { model: "openshift", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip access policy manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "certification for red hat enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "8.0", }, { model: "big-ip analytics", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip advanced web application firewall", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip application acceleration manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "migration toolkit for containers", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: ".net", scope: "lt", trust: 1, vendor: "microsoft", version: "7.0.12", }, { model: "big-ip global traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip link controller", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "visual studio 
2022", scope: "lt", trust: 1, vendor: "microsoft", version: "17.2.20", }, { model: "big-ip local traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "go", scope: "lt", trust: 1, vendor: "golang", version: "1.21.3", }, { model: "windows 11 21h2", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.22000.2538", }, { model: "jetty", scope: "lt", trust: 1, vendor: "eclipse", version: "9.4.53", }, { model: "big-ip fraud protection service", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip webaccelerator", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "jenkins", scope: "lte", trust: 1, vendor: "jenkins", version: "2.414.2", }, { model: "traffic server", scope: "lt", trust: 1, vendor: "apache", version: "8.1.9", }, { model: "tomcat", scope: "eq", trust: 1, vendor: "apache", version: "11.0.0", }, { model: "apisix", scope: "lt", trust: 1, vendor: "apache", version: "3.6.1", }, { model: "certification for red hat enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "9.0", }, { model: "big-ip websafe", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "jboss a-mq streams", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip domain name system", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "ios xr", scope: "lt", trust: 1, vendor: "cisco", version: "7.11.2", }, { model: "ultra cloud core - session management function", scope: "lt", trust: 1, vendor: "cisco", version: "2024.02.0", }, { model: "big-ip advanced web application firewall", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "varnish cache", scope: "lt", trust: 1, vendor: "varnish cache", version: "2023-10-10", }, { model: "single sign-on", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "big-ip ssl orchestrator", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "windows 10 1607", scope: 
"lt", trust: 1, vendor: "microsoft", version: "10.0.14393.6351", }, { model: "linkerd", scope: "eq", trust: 1, vendor: "linkerd", version: "2.14.1", }, { model: "envoy", scope: "eq", trust: 1, vendor: "envoyproxy", version: "1.25.9", }, { model: "jboss data grid", scope: "eq", trust: 1, vendor: "redhat", version: "7.0.0", }, { model: "big-ip global traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "12.0", }, { model: "big-ip policy enforcement manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "machine deletion remediation operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip application acceleration manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip websafe", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "visual studio 2022", scope: "gte", trust: 1, vendor: "microsoft", version: "17.4", }, { model: "nginx plus", scope: "lt", trust: 1, vendor: "f5", version: "r29", }, { model: "big-ip application acceleration manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "grpc", scope: "lt", trust: 1, vendor: "grpc", version: "1.56.3", }, { model: "big-ip application security manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "openresty", scope: "lt", trust: 1, vendor: "openresty", version: "1.21.4.3", }, { model: "nginx", scope: "gte", trust: 1, vendor: "f5", version: "1.9.5", }, { model: "big-ip ssl orchestrator", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip webaccelerator", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "nginx plus", scope: "eq", trust: 1, vendor: "f5", version: "r29", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "38", }, { model: "big-ip webaccelerator", scope: "lte", trust: 1, vendor: "f5", version: 
"13.1.5", }, { model: "windows 10 21h2", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.19044.3570", }, { model: "big-ip application security manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "istio", scope: "lt", trust: 1, vendor: "istio", version: "1.17.6", }, { model: "advanced cluster security", scope: "eq", trust: 1, vendor: "redhat", version: "3.0", }, { model: "big-ip application security manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip domain name system", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip carrier-grade nat", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "openstack platform", scope: "eq", trust: 1, vendor: "redhat", version: "17.1", }, { model: "windows server 2022", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "big-ip analytics", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip webaccelerator", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip advanced web application firewall", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip websafe", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "cbl-mariner", scope: "lt", trust: 1, vendor: "microsoft", version: "2023-10-11", }, { model: "big-ip advanced firewall manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "traefik", scope: "lt", trust: 1, vendor: "traefik", version: "2.10.5", }, { model: "openshift data science", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip global traffic manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip ddos hybrid defender", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip link controller", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "node healthcheck operator", scope: "eq", 
trust: 1, vendor: "redhat", version: null, }, { model: "big-ip ddos hybrid defender", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "openshift gitops", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip access policy manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip ssl orchestrator", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "data center network manager", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "openshift container platform assisted installer", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "ultra cloud core - serving gateway function", scope: "lt", trust: 1, vendor: "cisco", version: "2024.02.0", }, { model: "jetty", scope: "lt", trust: 1, vendor: "eclipse", version: "12.0.2", }, { model: "opensearch data prepper", scope: "lt", trust: 1, vendor: "amazon", version: "2.5.0", }, { model: "prime network registrar", scope: "lt", trust: 1, vendor: "cisco", version: "11.2", }, { model: "nx-os", scope: "lt", trust: 1, vendor: "cisco", version: "10.3\\(5\\)", }, { model: "linkerd", scope: "eq", trust: 1, vendor: "linkerd", version: "2.13.1", }, { model: "big-ip next service proxy for kubernetes", scope: "gte", trust: 1, vendor: "f5", version: "1.5.0", }, { model: "openshift serverless", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip policy enforcement manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "http2", scope: "lt", trust: 1, vendor: "golang", version: "0.17.0", }, { model: "big-ip access policy manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "istio", scope: "gte", trust: 1, vendor: "istio", version: "1.18.0", }, { model: "big-ip analytics", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "oncommand insight", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "big-ip advanced 
firewall manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip link controller", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip local traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "jboss fuse", scope: "eq", trust: 1, vendor: "redhat", version: "6.0.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "10.0", }, { model: "node.js", scope: "gte", trust: 1, vendor: "nodejs", version: "18.0.0", }, { model: "traefik", scope: "eq", trust: 1, vendor: "traefik", version: "3.0.0", }, { model: "big-ip fraud protection service", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip advanced web application firewall", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "windows 10 22h2", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.19045.3570", }, { model: "big-ip carrier-grade nat", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "http server", scope: "lt", trust: 1, vendor: "akka", version: "10.5.3", }, { model: "big-ip global traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "ansible automation platform", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "envoy", scope: "eq", trust: 1, vendor: "envoyproxy", version: "1.24.10", }, { model: "http2", scope: "lt", trust: 1, vendor: "kazu yamamoto", version: "4.2.2", }, { model: "big-ip access policy manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "cryostat", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "openshift distributed tracing", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "unified contact center management portal", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "big-ip fraud protection service", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "kong 
gateway", scope: "lt", trust: 1, vendor: "konghq", version: "3.4.2", }, { model: "istio", scope: "gte", trust: 1, vendor: "istio", version: "1.19.0", }, { model: "big-ip policy enforcement manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "big-ip policy enforcement manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip link controller", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip local traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "tomcat", scope: "gte", trust: 1, vendor: "apache", version: "8.5.0", }, { model: "support for spring boot", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip application visibility and reporting", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip ssl orchestrator", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "jboss fuse", scope: "eq", trust: 1, vendor: "redhat", version: "7.0.0", }, { model: "big-ip ssl orchestrator", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip advanced web application firewall", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "windows server 2016", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "big-ip access policy manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip websafe", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "grpc", scope: "gte", trust: 1, vendor: "grpc", version: "1.58.0", }, { model: "build of quarkus", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "logging subsystem for red hat openshift", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip carrier-grade nat", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "jetty", scope: "lt", trust: 1, vendor: "eclipse", version: "11.0.17", }, { model: 
"big-ip fraud protection service", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip carrier-grade nat", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip ssl orchestrator", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "cost management", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "traffic server", scope: "gte", trust: 1, vendor: "apache", version: "8.0.0", }, { model: "service telemetry framework", scope: "eq", trust: 1, vendor: "redhat", version: "1.5", }, { model: "big-ip advanced firewall manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip application security manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "visual studio 2022", scope: "lt", trust: 1, vendor: "microsoft", version: "17.6.8", }, { model: "secure malware analytics", scope: "lt", trust: 1, vendor: "cisco", version: "2.19.2", }, { model: "quay", scope: "eq", trust: 1, vendor: "redhat", version: "3.0.0", }, { model: "linkerd", scope: "eq", trust: 1, vendor: "linkerd", version: "2.14.0", }, { model: "big-ip application visibility and reporting", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "windows 11 22h2", scope: "lt", trust: 1, vendor: "microsoft", version: "10.0.22621.2428", }, { model: "big-ip application security manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "decision manager", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "grpc", scope: "lte", trust: 1, vendor: "grpc", version: "1.59.2", }, { model: "nghttp2", scope: "lt", trust: 1, vendor: "nghttp2", version: "1.57.0", }, { model: "openshift service mesh", scope: "eq", trust: 1, vendor: "redhat", version: "2.0", }, { model: "big-ip domain name system", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "grpc", scope: "lt", trust: 1, vendor: "grpc", version: "1.58.3", }, { model: 
"openstack platform", scope: "eq", trust: 1, vendor: "redhat", version: "16.2", }, { model: "big-ip advanced firewall manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip access policy manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "prime cable provisioning", scope: "lt", trust: 1, vendor: "cisco", version: "7.2.1", }, { model: "visual studio 2022", scope: "gte", trust: 1, vendor: "microsoft", version: "17.0", }, { model: "big-ip application visibility and reporting", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "tomcat", scope: "gte", trust: 1, vendor: "apache", version: "9.0.0", }, { model: "openshift virtualization", scope: "eq", trust: 1, vendor: "redhat", version: "4", }, { model: "big-ip access policy manager", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "big-ip ddos hybrid defender", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "openshift secondary scheduler operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "jboss enterprise application platform", scope: "eq", trust: 1, vendor: "redhat", version: "6.0.0", }, { model: "big-ip advanced firewall manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "big-ip application visibility and reporting", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip access policy manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "linkerd", scope: "gte", trust: 1, vendor: "linkerd", version: "2.12.0", }, { model: "openshift api for data protection", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip global traffic manager", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "node.js", scope: "lt", trust: 1, vendor: "nodejs", version: "18.18.2", }, { model: 
"jboss a-mq", scope: "eq", trust: 1, vendor: "redhat", version: "7", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "37", }, { model: "prime access registrar", scope: "lt", trust: 1, vendor: "cisco", version: "9.3.3", }, { model: "unified contact center enterprise - live data server", scope: "lt", trust: 1, vendor: "cisco", version: "12.6.2", }, { model: "networking", scope: "lt", trust: 1, vendor: "golang", version: "0.17.0", }, { model: "armeria", scope: "lt", trust: 1, vendor: "linecorp", version: "1.26.0", }, { model: "big-ip websafe", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "big-ip analytics", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip application visibility and reporting", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip next", scope: "eq", trust: 1, vendor: "f5", version: "20.0.1", }, { model: "ios xe", scope: "lt", trust: 1, vendor: "cisco", version: "17.15.1", }, { model: "nx-os", scope: "gte", trust: 1, vendor: "cisco", version: "10.3\\(1\\)", }, { model: "openstack platform", scope: "eq", trust: 1, vendor: "redhat", version: "16.1", }, { model: "grpc", scope: "eq", trust: 1, vendor: "grpc", version: "1.57.0", }, { model: "big-ip application acceleration manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "openshift dev spaces", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "jetty", scope: "gte", trust: 1, vendor: "eclipse", version: "12.0.0", }, { model: "big-ip analytics", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip carrier-grade nat", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "prime infrastructure", scope: "lt", trust: 1, vendor: "cisco", version: "3.10.4", }, { model: "h2o", scope: "lt", trust: 1, vendor: "dena", version: "2023-10-10", }, { model: "nginx ingress controller", scope: "gte", trust: 1, vendor: "f5", version: 
"3.0.0", }, { model: "openshift pipelines", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip webaccelerator", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip local traffic manager", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "jetty", scope: "gte", trust: 1, vendor: "eclipse", version: "10.0.0", }, { model: "big-ip application security manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip fraud protection service", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip fraud protection service", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "jboss enterprise application platform", scope: "eq", trust: 1, vendor: "redhat", version: "7.0.0", }, { model: "unified contact center enterprise", scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "big-ip domain name system", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "istio", scope: "lt", trust: 1, vendor: "istio", version: "1.18.3", }, { model: "big-ip websafe", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "secure dynamic attributes connector", scope: "lt", trust: 1, vendor: "cisco", version: "2.2.0", }, { model: "big-ip websafe", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "ceph storage", scope: "eq", trust: 1, vendor: "redhat", version: "5.0", }, { model: "run once duration override operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip link controller", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "big-ip local traffic manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "integration camel k", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "visual studio 2022", scope: "gte", trust: 1, vendor: "microsoft", version: "17.7", }, { model: "big-ip carrier-grade nat", scope: "gte", 
trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip ddos hybrid defender", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip analytics", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "envoy", scope: "eq", trust: 1, vendor: "envoyproxy", version: "1.27.0", }, { model: "nginx ingress controller", scope: "lte", trust: 1, vendor: "f5", version: "2.4.2", }, { model: "big-ip application acceleration manager", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "integration service registry", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "firepower threat defense", scope: "lt", trust: 1, vendor: "cisco", version: "7.4.2", }, { model: "big-ip analytics", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "node.js", scope: "gte", trust: 1, vendor: "nodejs", version: "20.0.0", }, { model: "tomcat", scope: "lte", trust: 1, vendor: "apache", version: "9.0.80", }, { model: "iot field network director", scope: "lt", trust: 1, vendor: "cisco", version: "4.11.0", }, { model: "big-ip link controller", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "asp.net core", scope: "gte", trust: 1, vendor: "microsoft", version: "6.0.0", }, { model: "migration toolkit for virtualization", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip link controller", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "big-ip ssl orchestrator", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "big-ip fraud protection service", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: ".net", scope: "gte", trust: 1, vendor: "microsoft", version: "6.0.0", }, { model: "jetty", scope: "gte", trust: 1, vendor: "eclipse", version: "11.0.0", }, { model: "big-ip application acceleration manager", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "unified attendant console advanced", 
scope: "eq", trust: 1, vendor: "cisco", version: null, }, { model: "big-ip advanced web application firewall", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip domain name system", scope: "lte", trust: 1, vendor: "f5", version: "14.1.5", }, { model: "web terminal", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip domain name system", scope: "lte", trust: 1, vendor: "f5", version: "13.1.5", }, { model: "traffic server", scope: "lt", trust: 1, vendor: "apache", version: "9.2.3", }, { model: "windows server 2019", scope: "eq", trust: 1, vendor: "microsoft", version: null, }, { model: "linkerd", scope: "lte", trust: 1, vendor: "linkerd", version: "2.12.5", }, { model: "jetty", scope: "lt", trust: 1, vendor: "eclipse", version: "10.0.17", }, { model: "network observability operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip ddos hybrid defender", scope: "gte", trust: 1, vendor: "f5", version: "16.1.0", }, { model: "visual studio 2022", scope: "lt", trust: 1, vendor: "microsoft", version: "17.4.12", }, { model: "azure kubernetes service", scope: "lt", trust: 1, vendor: "microsoft", version: "2023-10-08", }, { model: "openshift sandboxed containers", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "big-ip webaccelerator", scope: "eq", trust: 1, vendor: "f5", version: "17.1.0", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "8.0", }, { model: "big-ip domain name system", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "tomcat", scope: "lte", trust: 1, vendor: "apache", version: "10.1.13", }, { model: "big-ip application visibility and reporting", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "big-ip application acceleration manager", scope: "gte", trust: 1, vendor: "f5", version: "14.1.0", }, { model: "big-ip application security manager", scope: "eq", trust: 1, vendor: "f5", version: 
"17.1.0", }, { model: "big-ip next service proxy for kubernetes", scope: "lte", trust: 1, vendor: "f5", version: "1.8.2", }, { model: "asp.net core", scope: "gte", trust: 1, vendor: "microsoft", version: "7.0.0", }, { model: "big-ip ddos hybrid defender", scope: "gte", trust: 1, vendor: "f5", version: "15.1.0", }, { model: "nginx ingress controller", scope: "gte", trust: 1, vendor: "f5", version: "2.0.0", }, { model: "asp.net core", scope: "lt", trust: 1, vendor: "microsoft", version: "6.0.23", }, { model: "openshift developer tools and services", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "connected mobile experiences", scope: "lt", trust: 1, vendor: "cisco", version: "11.1", }, { model: "nginx ingress controller", scope: "lte", trust: 1, vendor: "f5", version: "3.3.0", }, { model: ".net", scope: "gte", trust: 1, vendor: "microsoft", version: "7.0.0", }, { model: "contour", scope: "lt", trust: 1, vendor: "projectcontour", version: "2023-10-11", }, { model: "big-ip policy enforcement manager", scope: "lte", trust: 1, vendor: "f5", version: "16.1.4", }, { model: "big-ip advanced firewall manager", scope: "gte", trust: 1, vendor: "f5", version: "13.1.0", }, { model: "self node remediation operator", scope: "eq", trust: 1, vendor: "redhat", version: null, }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "9.0", }, { model: "nginx", scope: "lte", trust: 1, vendor: "f5", version: "1.25.2", }, { model: "big-ip advanced firewall manager", scope: "lte", trust: 1, vendor: "f5", version: "15.1.10", }, { model: "envoy", scope: "eq", trust: 1, vendor: "envoyproxy", version: "1.26.4", }, { model: "netty", scope: "lt", trust: 1, vendor: "netty", version: "4.1.100", }, ], sources: [ { db: "NVD", id: "CVE-2023-44487", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, 
nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.57.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.1.100", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "12.0.2", versionStartIncluding: "12.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.0.17", versionStartIncluding: "11.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.17", versionStartIncluding: "10.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.4.53", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.7.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*", cpe_name: [], versionEndExcluding: "0.17.0", vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.21.3", versionStartIncluding: "1.21.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.20.10", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*", cpe_name: [], versionEndExcluding: "0.17.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "13.1.5", versionStartIncluding: "13.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", 
versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*", 
cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", 
versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "14.1.5", versionStartIncluding: "14.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", 
cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, 
{ cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "15.1.10", versionStartIncluding: "15.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "16.1.4", versionStartIncluding: "16.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "r29", versionStartIncluding: "r25", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.8.2", versionStartIncluding: "1.5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.25.2", versionStartIncluding: "1.9.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.4.2", versionStartIncluding: "2.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", cpe_name: [], 
versionEndIncluding: "3.3.0", versionStartIncluding: "3.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.80", versionStartIncluding: "9.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.5.93", versionStartIncluding: "8.5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "10.1.13", versionStartIncluding: "10.1.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*", cpe_name: [], versionEndExcluding: "1.28.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: 
"cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", cpe_name: [], versionEndExcluding: "1.58.3", versionStartIncluding: "1.58.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*", cpe_name: [], versionEndExcluding: "1.56.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", cpe_name: [], versionEndIncluding: "1.59.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.19045.3570", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.17763.4974", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.22000.2538", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.22621.2428", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", cpe_name: [], versionEndExcluding: "10.0.14393.6351", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", cpe_name: [], versionEndExcluding: "10.0.14393.6351", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.0.12", versionStartIncluding: "7.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.0.19044.3570", vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.7.5", versionStartIncluding: "17.7", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.6.8", versionStartIncluding: "17.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.4.12", versionStartIncluding: "17.4", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.2.20", versionStartIncluding: "17.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.0.23", versionStartIncluding: "6.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.0.12", versionStartIncluding: "7.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.0.23", versionStartIncluding: "6.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2023-10-08", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndExcluding: "18.18.2", versionStartIncluding: "18.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "20.8.1", versionStartIncluding: "20.0.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2023-10-11", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2023-10-10", vulnerable: true, 
}, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2023.10.16.00", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.2.3", versionStartIncluding: "9.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.1.9", versionStartIncluding: "8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.6.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.5.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.2.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.19.1", versionStartIncluding: "1.19.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.18.3", versionStartIncluding: "1.18.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.17.6", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*", 
cpe_name: [], versionEndExcluding: "2023-10-10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.10.5", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*", cpe_name: [], versionEndExcluding: "2023-10-11", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*", cpe_name: [], versionEndIncluding: "2.12.5", versionStartIncluding: "2.12.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.26.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { 
cpe23Uri: "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*", cpe_name: [], 
vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.5.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*", cpe_name: [], versionEndExcluding: "3.4.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", cpe_name: [], versionEndIncluding: "2.427", vulnerable: true, }, { 
cpe23Uri: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", cpe_name: [], versionEndIncluding: "2.414.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.4.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.21.4.3", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "3.10.4", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.19.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.4.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.22", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "17.15.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.2.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: 
"cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.11.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "7.11.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:crosswork_data_gateway:5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.1.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "x14.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "x14.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "12.6.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2024.02.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2024.02.0", 
vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2024.01.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "15.1.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.2\\(7\\)", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.3\\(5\\)", versionStartIncluding: "10.3\\(1\\)", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: 
"cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: 
"cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: 
false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.2\\(7\\)", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.3\\(5\\)", versionStartIncluding: "10.3\\(1\\)", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*", cpe_name: [], 
vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*", cpe_name: [], 
vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: 
"cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { 
cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: 
false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44487", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: "PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "175376", }, ], trust: 0.6, }, cve: "CVE-2023-44487", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2023-44487", trust: 1, value: "HIGH", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-44487", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. \n\n\n\n\nDescription:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. \n\n\n\n\nDescription:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. \n\n\n\n\nDescription:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. \n\n\n\n\nDescription:\n\nnghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. 
\n\nThe following data is constructed from data provided by Red Hat's json file at:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Important: dotnet6.0 security update\nAdvisory ID: RHSA-2023:5710-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:5710\nIssue date: 2023-10-16\nRevision: 01\nCVE Names: CVE-2023-44487\n====================================================================\n\nSummary: \n\nAn update for dotnet6.0 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. 
\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003\n\n. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. 
(CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n libnghttp2-14 1.55.1-1ubuntu0.2\n nghttp2 1.55.1-1ubuntu0.2\n nghttp2-client 1.55.1-1ubuntu0.2\n nghttp2-proxy 1.55.1-1ubuntu0.2\n nghttp2-server 1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n libnghttp2-14 1.43.0-1ubuntu0.2\n nghttp2 1.43.0-1ubuntu0.2\n nghttp2-client 1.43.0-1ubuntu0.2\n nghttp2-proxy 1.43.0-1ubuntu0.2\n nghttp2-server 1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n libnghttp2-14 1.40.0-1ubuntu0.3\n nghttp2 1.40.0-1ubuntu0.3\n nghttp2-client 1.40.0-1ubuntu0.3\n nghttp2-proxy 1.40.0-1ubuntu0.3\n nghttp2-server 1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.30.0-1ubuntu1+esm2\n nghttp2 1.30.0-1ubuntu1+esm2\n nghttp2-client 1.30.0-1ubuntu1+esm2\n nghttp2-proxy 1.30.0-1ubuntu1+esm2\n nghttp2-server 1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n libnghttp2-14 1.7.1-1ubuntu0.1~esm2\n nghttp2 1.7.1-1ubuntu0.1~esm2\n nghttp2-client 1.7.1-1ubuntu0.1~esm2\n nghttp2-proxy 1.7.1-1ubuntu0.1~esm2\n nghttp2-server 1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5558-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nNovember 18, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : netty\nCVE ID : CVE-2023-34462 CVE-2023-44487\nDebian Bug : 1038947 1054234\n\nTwo security vulnerabilities have been discovered in Netty, a Java NIO\nclient/server socket framework. \n\nCVE-2023-34462\n\n It might be possible for a remote peer to send a client hello packet during\n a TLS handshake which lead the server to buffer up to 16 MB of data per\n connection. 
This could lead to a OutOfMemoryError and so result in a denial\n of service. \n\nCVE-2023-44487\n\n The HTTP/2 protocol allows a denial of service (server resource consumption)\n because request cancellation can reset many streams quickly. \n This problem is also known as Rapid Reset Attack. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 1:4.1.48-4+deb11u2. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 1:4.1.48-7+deb12u1. \n\nWe recommend that you upgrade your netty packages. \n\nFor the detailed security status of netty please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/netty\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97\nUNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0\neamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH\n1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB\neAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g\nSUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza\nDa8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1\ng6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom\nrrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0\nP3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg\nO6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI=\n=4ExT\n-----END PGP SIGNATURE-----\n. 
This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience", sources: [ { db: "NVD", id: "CVE-2023-44487", }, { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: "PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, { db: "PACKETSTORM", id: "175807", }, { db: "PACKETSTORM", id: "175376", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-44487", trust: 1.9, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/18/8", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/10/6", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/19/6", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/18/4", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/13/4", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/13/9", trust: 1, }, { db: "OPENWALL", id: "OSS-SECURITY/2023/10/20/8", trust: 1, }, { db: "PACKETSTORM", id: "175239", trust: 0.1, }, { db: "PACKETSTORM", id: "175234", trust: 0.1, }, { db: "PACKETSTORM", id: "175230", trust: 0.1, }, { db: "PACKETSTORM", id: "175126", trust: 0.1, }, { db: "PACKETSTORM", id: "175160", trust: 0.1, }, { db: "PACKETSTORM", id: "178284", trust: 0.1, }, { db: "PACKETSTORM", id: "175875", trust: 0.1, }, { db: "PACKETSTORM", id: "175807", trust: 0.1, }, { db: "PACKETSTORM", id: "175376", trust: 0.1, }, ], sources: [ { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: 
"PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, { db: "PACKETSTORM", id: "175807", }, { db: "PACKETSTORM", id: "175376", }, { db: "NVD", id: "CVE-2023-44487", }, ], }, id: "VAR-202310-0175", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.465728264, }, last_update_date: "2024-07-23T21:36:24.758000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-400", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-44487", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { trust: 1, url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { trust: 1, url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { trust: 1, url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { trust: 1, url: "https://aws.amazon.com/security/security-bulletins/aws-2023-011/", }, { trust: 1, url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { 
trust: 1, url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { trust: 1, url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { trust: 1, url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { trust: 1, url: "https://blog.vespa.ai/cve-2023-44487/", }, { trust: 1, url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { trust: 1, url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { trust: 1, url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { trust: 1, url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { trust: 1, url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { trust: 1, url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { trust: 1, url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { trust: 1, url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { trust: 1, url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { trust: 1, url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { trust: 1, url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { trust: 1, url: "https://github.com/azure/aks/issues/3947", }, { trust: 1, url: "https://github.com/kong/kong/discussions/11741", }, { trust: 1, url: "https://github.com/advisories/ghsa-qppj-fm5r-hxr3", }, { trust: 1, url: "https://github.com/advisories/ghsa-vx74-f528-fxqg", }, { trust: 1, url: "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p", }, { trust: 1, url: 
"https://github.com/akka/akka-http/issues/4323", }, { trust: 1, url: "https://github.com/alibaba/tengine/issues/1872", }, { trust: 1, url: "https://github.com/apache/apisix/issues/10320", }, { trust: 1, url: "https://github.com/apache/httpd-site/pull/10", }, { trust: 1, url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113", }, { trust: 1, url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { trust: 1, url: "https://github.com/apache/trafficserver/pull/10564", }, { trust: 1, url: "https://github.com/arkrwn/poc/tree/main/cve-2023-44487", }, { trust: 1, url: "https://github.com/bcdannyboy/cve-2023-44487", }, { trust: 1, url: "https://github.com/caddyserver/caddy/issues/5877", }, { trust: 1, url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { trust: 1, url: "https://github.com/dotnet/announcements/issues/277", }, { trust: 1, url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73", }, { trust: 1, url: "https://github.com/eclipse/jetty.project/issues/10679", }, { trust: 1, url: "https://github.com/envoyproxy/envoy/pull/30055", }, { trust: 1, url: "https://github.com/etcd-io/etcd/issues/16740", }, { trust: 1, url: "https://github.com/facebook/proxygen/pull/466", }, { trust: 1, url: "https://github.com/golang/go/issues/63417", }, { trust: 1, url: "https://github.com/grpc/grpc-go/pull/6703", }, { trust: 1, url: "https://github.com/h2o/h2o/pull/3291", }, { trust: 1, url: "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf", }, { trust: 1, url: "https://github.com/haproxy/haproxy/issues/2312", }, { trust: 1, url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244", }, { trust: 1, url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { trust: 1, url: 
"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { trust: 1, url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { trust: 1, url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { trust: 1, url: "https://github.com/line/armeria/pull/5232", }, { trust: 1, url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { trust: 1, url: "https://github.com/micrictor/http2-rst-stream", }, { trust: 1, url: "https://github.com/microsoft/cbl-mariner/pull/6381", }, { trust: 1, url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { trust: 1, url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { trust: 1, url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { trust: 1, url: "https://github.com/ninenines/cowboy/issues/1615", }, { trust: 1, url: "https://github.com/nodejs/node/pull/50121", }, { trust: 1, url: "https://github.com/openresty/openresty/issues/930", }, { trust: 1, url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { trust: 1, url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { trust: 1, url: "https://github.com/projectcontour/contour/pull/5826", }, { trust: 1, url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { trust: 1, url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { trust: 1, url: "https://groups.google.com/g/golang-announce/c/innxdtcjzvo", }, { trust: 1, url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { trust: 1, url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { trust: 1, url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { trust: 1, url: 
"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { trust: 1, url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/", }, { trust: 1, url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/", }, { trust: 1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/", }, { trust: 1, url: "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html", }, { trust: 1, url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html", }, { trust: 1, url: 
"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { trust: 1, url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { trust: 1, url: "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487", }, { trust: 1, url: "https://my.f5.com/manage/s/article/k000137106", }, { trust: 1, url: "https://netty.io/news/2023/10/10/4-1-100-final.html", }, { trust: 1, url: "https://news.ycombinator.com/item?id=37830987", }, { trust: 1, url: "https://news.ycombinator.com/item?id=37830998", }, { trust: 1, url: "https://news.ycombinator.com/item?id=37831062", }, { trust: 1, url: "https://news.ycombinator.com/item?id=37837043", }, { trust: 1, url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { trust: 1, url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { trust: 1, url: "https://security.gentoo.org/glsa/202311-09", }, { trust: 1, url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { trust: 1, url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { trust: 1, url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { trust: 1, url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { trust: 1, url: "https://security.paloaltonetworks.com/cve-2023-44487", }, { trust: 1, url: "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14", }, { trust: 1, url: "https://ubuntu.com/security/cve-2023-44487", }, { trust: 1, url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { trust: 1, url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { trust: 1, url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { trust: 1, url: 
"https://www.debian.org/security/2023/dsa-5521", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5522", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5540", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5549", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5558", }, { trust: 1, url: "https://www.debian.org/security/2023/dsa-5570", }, { trust: 1, url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { trust: 1, url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { trust: 1, url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { trust: 1, url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { trust: 1, url: "https://www.phoronix.com/news/http2-rapid-reset-attack", }, { trust: 1, url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { trust: 0.9, url: "https://nvd.nist.gov/vuln/detail/cve-2023-44487", }, { trust: 0.6, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.5, url: "https://access.redhat.com/articles/11258", }, { trust: 0.5, url: "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5945.json", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.10.4", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5945", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5928.json", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5928", }, { trust: 0.1, url: 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=appplatform&version=7.4", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5922.json", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5922", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5766", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5766.json", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5710.json", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:5710", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3", }, { trust: 0.1, url: "https://ubuntu.com/security/notices/usn-6754-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9513", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9511", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2024-28182", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.2", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.1", }, { trust: 0.1, url: "https://ubuntu.com/security/notices/usn-6505-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.52.0-1ubuntu0.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.1", }, { trust: 0.1, url: 
"https://nvd.nist.gov/vuln/detail/cve-2023-34462", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://security-tracker.debian.org/tracker/netty", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6105.json", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:6105", }, ], sources: [ { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: "PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, { db: "PACKETSTORM", id: "175807", }, { db: "PACKETSTORM", id: "175376", }, { db: "NVD", id: "CVE-2023-44487", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "PACKETSTORM", id: "175239", }, { db: "PACKETSTORM", id: "175234", }, { db: "PACKETSTORM", id: "175230", }, { db: "PACKETSTORM", id: "175126", }, { db: "PACKETSTORM", id: "175160", }, { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, { db: "PACKETSTORM", id: "175807", }, { db: "PACKETSTORM", id: "175376", }, { db: "NVD", id: "CVE-2023-44487", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-10-20T14:34:30", db: "PACKETSTORM", id: "175239", }, { date: "2023-10-20T14:33:16", db: "PACKETSTORM", id: "175234", }, { date: "2023-10-20T14:32:33", db: "PACKETSTORM", id: "175230", }, { date: "2023-10-17T15:39:55", db: "PACKETSTORM", id: "175126", }, { date: "2023-10-18T16:23:08", db: "PACKETSTORM", id: "175160", }, { date: "2024-04-26T15:13:40", db: "PACKETSTORM", id: "178284", }, { date: "2023-11-22T16:28:02", db: "PACKETSTORM", id: "175875", }, { date: "2023-11-20T16:25:51", db: 
"PACKETSTORM", id: "175807", }, { date: "2023-10-27T12:55:12", db: "PACKETSTORM", id: "175376", }, { date: "2023-10-10T14:15:10.883000", db: "NVD", id: "CVE-2023-44487", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-06-27T18:34:22.110000", db: "NVD", id: "CVE-2023-44487", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "178284", }, { db: "PACKETSTORM", id: "175875", }, ], trust: 0.2, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat Security Advisory 2023-5945-01", sources: [ { db: "PACKETSTORM", id: "175239", }, ], trust: 0.1, }, }