Vulnerability details: VCID-afqb-78ks-aaak
Vulnerability ID VCID-afqb-78ks-aaak
Aliases CVE-2023-43622
Summary An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Weaknesses (1)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.54706 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.5491 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.56898 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.57403 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.60282 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.60764 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.64993 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.76197 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
epss 0.83685 https://api.first.org/data/v1/epss?cve=CVE-2023-43622
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://httpd.apache.org/security/vulnerabilities_24.html
generic_textual HIGH https://httpd.apache.org/security/vulnerabilities_24.html
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-43622
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-43622
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://httpd.apache.org/security/vulnerabilities_24.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-43622


Exploit Prediction Scoring System (EPSS)
Percentile 0.48401
EPSS Score 0.00124
Published At Nov. 24, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.