[syslog-ng] Vulnerability making News - HTTP/2 Rapid Reset DDoS CVE-2023-44487

Mayekar, PrachiX prachix.mayekar at intel.com
Mon Oct 16 08:10:14 UTC 2023

Hi Team,

Are syslog products vulnerable to this vulnerability ?

Need to know if Syslog is affected:

CVE-2023-44487 is a vulnerability in the HTTP/2 protocol that was recently used to launch DDoS attacks. The vulnerability allows for denial of service (DoS) because request cancellation can reset many streams quickly. https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/

Thanks & Regards,
Prachi Mayekar
ITI-Network Services
A Contingent Worker at Intel
For assistance, please visit us at https://it.intel.com<https://it.intel.com/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20231016/530927e5/attachment.htm>

More information about the syslog-ng mailing list