[syslog-ng] Vulnerability making News - HTTP/2 Rapid Reset DDoS CVE-2023-44487
Mayekar, PrachiX
prachix.mayekar at intel.com
Mon Oct 16 08:10:14 UTC 2023
Hi Team,
Are syslog products vulnerable to this vulnerability ?
Need to know if Syslog is affected:
CVE-2023-44487 is a vulnerability in the HTTP/2 protocol that was recently used to launch DDoS attacks. The vulnerability allows for denial of service (DoS) because request cancellation can reset many streams quickly. https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
Thanks & Regards,
Prachi Mayekar
ITI-Network Services
A Contingent Worker at Intel
For assistance, please visit us at https://it.intel.com<https://it.intel.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20231016/530927e5/attachment.htm>
More information about the syslog-ng
mailing list