{"id":3597,"date":"2023-10-11T09:28:52","date_gmt":"2023-10-11T06:28:52","guid":{"rendered":"https:\/\/www.govcert.bg\/?p=3597"},"modified":"2023-10-12T09:38:59","modified_gmt":"2023-10-12T06:38:59","slug":"%d1%83%d1%8f%d0%b7%d0%b2%d0%b8%d0%bc%d0%be%d1%81%d1%82-cve-2023-44487-http-2-rapid-reset","status":"publish","type":"post","link":"https:\/\/www.govcert.bg\/en\/warnings\/%d1%83%d1%8f%d0%b7%d0%b2%d0%b8%d0%bc%d0%be%d1%81%d1%82-cve-2023-44487-http-2-rapid-reset\/","title":{"rendered":"HTTP\/2 Rapid Reset Vulnerability - CVE-2023-44487"},"content":{"rendered":"

Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in HTTP\/2 protocol. The vulnerability (CVE-2023-44487<\/a>), known as Rapid Reset, has been exploited in the wild in August 2023 through October 2023.<\/p>\n

\u0415\u043a\u0441\u043f\u043b\u043e\u0430\u0442\u0430\u0446\u0438\u044f \u0432\u044a\u0440\u0445\u0443 \u0443\u0435\u0431 \u0441\u044a\u0440\u0432\u044a\u0440\u0438 \u0441 HTTP\/2 \u0432\u043e\u0434\u0438 \u0434\u043e Layer 7 DoS – denial of service (server resource consumption) \u0430\u0442\u0430\u043a\u0430. \u0422\u044f \u0441\u0435 \u0438\u0437\u0440\u0430\u0437\u044f\u0432\u0430 \u0432 \u0441\u043b\u0435\u0434\u043d\u043e\u0442\u043e: \u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0430\u0442 \u0441\u0435 \u0437\u0430\u044f\u0432\u043a\u0438, \u043a\u043e\u0438\u0442\u043e \u0431\u0438\u0432\u0430\u0442 \u0435\u0434\u043d\u043e\u0441\u0442\u0440\u0430\u043d\u043d\u043e \u0441\u043f\u0440\u0435\u043d\u0438 \u043e\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u0434\u043e\u0440\u0438 \u043f\u0440\u0435\u0434\u0438 \u0434\u0430 \u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d \u043e\u0442\u0433\u043e\u0432\u043e\u0440 \u043e\u0442 \u0443\u0435\u0431 \u0441\u044a\u0440\u0432\u044a\u0440\u0430, \u0447\u0440\u0435\u0437 \u0438\u0437\u043f\u0440\u0430\u0449\u0430\u043d\u0435 \u043d\u0430 RST_STREAM frame. \u0417\u0430 \u0432\u0441\u044f\u043a\u0430 \u0437\u0430\u044f\u0432\u043a\u0430 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u0438\u0437\u043f\u0440\u0430\u0442\u044f\u0442 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d \u0431\u0440\u043e\u0439 \u0437\u0430\u044f\u0432\u043a\u0438 \u0437\u0430 \u043f\u0440\u0435\u043a\u0440\u0430\u0442\u044f\u0432\u0430\u043d\u0435, \u043a\u043e\u0438\u0442\u043e \u0441\u0435\u00a0 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0432\u0430\u0442 \u043e\u0442 \u0443\u0435\u0431 \u0441\u044a\u0440\u0432\u044a\u0440\u0430 \u0438 \u0432\u043e\u0434\u0438 \u0434\u043e \u043f\u0440\u0435\u0442\u043e\u0432\u0430\u0440\u0432\u0430\u043d\u0435 \u0438 \u0438\u0437\u0447\u0435\u0440\u043f\u0432\u0430\u043d\u0435 \u043d\u0430 \u0440\u0435\u0441\u0443\u0440\u0441\u0438\u0442\u0435 \u043c\u0443.<\/p>\n

CERT <\/strong>Bulgaria<\/strong> encourages users and administrators to review the following advisories and apply the necessary updates<\/p>\n