List: oss-security
Subject: Re: [oss-security] CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations
From: Alan Coopersmith <alan.coopersmith () oracle ! com>
Date: 2023-10-20 17:39:01
Message-ID: 700225b5-c214-4f34-bf09-1c25703957b5 () oracle ! com
On 10/18/23 16:10, Alan Coopersmith wrote:
> On 10/10/23 11:40, Alan Coopersmith wrote:
>> Information I've found so far on open source implementations (most via the
>> current listings in the CVE) include:
>
> Some more updates since last week:
>
>> - Apache httpd:
>> https://chaos.social/@icing/111210915918780532
>
> The discussion in https://github.com/apache/httpd-site/pull/10 makes the
> situation a little murkier.

https://github.com/icing/blog/blob/main/h2-rapid-reset.md clears that up
and explains why Apache issued a fix under a different CVE id for the
problem identified in that discussion, as we saw on this list yesterday.
--
-Alan Coopersmith- alan.coopersmith@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris