AI description
CVE-2023-43622 is a denial-of-service (DoS) vulnerability affecting Apache HTTP Server versions 2.4.55 through 2.4.57. It involves an attacker establishing an HTTP/2 connection with an initial window size set to zero. This manipulation can cause the server to indefinitely block handling of the connection, effectively tying up resources. The vulnerability resembles the "slow loris" attack pattern, which aims to exhaust server resources and disrupt service. This vulnerability was addressed in Apache HTTP Server version 2.4.58. Upgrading to this or a later version is recommended to mitigate the risk associated with CVE-2023-43622.
- Description: An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
- Source: security@apache.org
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- security@apache.org: CWE-400
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 16
⚫ Attention Ecuador! Anonymous reports fraud in the CNE system. Apache/2.4.58 fixes important vulnerabilities: 🔐 CVE-2023-43622 (HTTP/2) and CVE-2023-31122 (mod_macro) ⚠️. Update now! 💻 Why do some IT people use vulnerable servers? 🤔 Sometimes, due to… h
@UrgenciaEcu
11 Feb 2025
16695 Impressions
280 Retweets
507 Likes
11 Bookmarks
23 Replies
11 Quotes
🚨 Attention Ecuador and @DanielNoboaOk! Apache/2.4.58 fixes important vulnerabilities: 🔐 CVE-2023-43622 (HTTP/2) and CVE-2023-31122 (mod_macro) ⚠️. Update now! 💻 Why do some IT people use vulnerable servers? 🤔 Sometimes, due to lack of time, knowledge or due to
@YourAnonHunters
10 Feb 2025
20926 Impressions
228 Retweets
340 Likes
31 Bookmarks
34 Replies
27 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9F28355-B47B-463B-862A-E493D0743CC9",
            "versionEndExcluding": "2.4.58",
            "versionStartIncluding": "2.4.55"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]