AI description
CVE-2023-43622 is a denial-of-service (DoS) vulnerability affecting Apache HTTP Server versions 2.4.55 through 2.4.57. It involves an attacker establishing an HTTP/2 connection with an initial window size set to zero. This manipulation can cause the server to indefinitely block handling of the connection, effectively tying up resources. The vulnerability resembles the "slow loris" attack pattern, which aims to exhaust server resources and disrupt service. This vulnerability was addressed in Apache HTTP Server version 2.4.58. Upgrading to this or a later version is recommended to mitigate the risk associated with CVE-2023-43622.
- Description
- An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security@apache.org
- CWE-400
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2021-35587 2 - CVE-2025-30406 3 - CVE-2023-43622 4 - CVE-2025-24813 5 - CVE-2025-3248 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Apr 2025
⚫ Attention Ecuador! Anonymous reports fraud in the CNE system. Apache/2.4.58 fixes important vulnerabilities: 🔐 CVE-2023-43622 (HTTP/2) and CVE-2023-31122 (mod_macro) ⚠️. Update now! 💻 Why do some IT people use vulnerable servers? 🤔 Sometimes, because of… h
@UrgenciaEcu
11 Feb 2025
🚨 Attention Ecuador and @DanielNoboaOk! Apache/2.4.58 fixes important vulnerabilities: 🔐 CVE-2023-43622 (HTTP/2) and CVE-2023-31122 (mod_macro) ⚠️. Update now! 💻 Why do some IT people use vulnerable servers? 🤔 Sometimes, because of a lack of time, knowledge or because of
@YourAnonHunters
10 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9F28355-B47B-463B-862A-E493D0743CC9",
            "versionEndExcluding": "2.4.58",
            "versionStartIncluding": "2.4.55"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]