CVE-2023-44487
Published 2024-04-25
CVE-2023-44487: An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for OpenShift Containers.
High 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2023-10-31
Exploited in the wild
Affected
320 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| akka | http_server | < 10.5.3 | 10.5.3 |
| amazon | opensearch_data_prepper | < 2.5.0 | 2.5.0 |
| apache | apisix | < 3.6.1 | 3.6.1 |
| apache | http_server | >= 2.4.17 < 2.4.58 | 2.4.58 |
| apache | httpd | — | — |
| apache | solr | < 9.4.0 | 9.4.0 |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | 10.1.0 – 10.1.13 | — |
| apache | tomcat | 8.5.0 – 8.5.93 | — |
| apache | tomcat | 9.0.0 – 9.0.80 | — |
| apache | traffic_server | >= 8.0.0 < 8.1.9 | 8.1.9 |
| apache | traffic_server | >= 9.0.0 < 9.2.3 | 9.2.3 |
| apache_software_foundation | apache_http_server | 2.4.17 – 2.4.57 | — |
| apple | swiftnio_http_2 | < 1.28.0 | 1.28.0 |
| atlassian | crowd | — | — |
| caddyserver | caddy | < 2.7.5 | 2.7.5 |
| cisco | business_process_automation | < 3.2.003.009 | 3.2.003.009 |
| cisco | connected_mobile_experiences | < 11.1 | 11.1 |
| cisco | crosswork_data_gateway | < 4.1.3 | 4.1.3 |
| cisco | crosswork_data_gateway | >= 5.0.0 < 5.0.2 | 5.0.2 |
| cisco | crosswork_zero_touch_provisioning | < 6.0.0 | 6.0.0 |
| cisco | expressway | < x14.3.3 | x14.3.3 |
| cisco | firepower_threat_defense | < 7.4.2 | 7.4.2 |
| cisco | fog_director | < 1.22 | 1.22 |
CVSS provenance
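| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vulncheck | — | 7.5 | HIGH | — |
| cisa | — | 7.5 | HIGH | — |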