CVE-2023-44487, the HTTP/2 (H2) “rapid reset” vulnerability, permits a novel denial-of-service scenario in which a high volume of coordinated HTTP/2 request cancellations quickly resets many HTTP/2 streams, exhausting server resources and potentially causing outages.
Severity: High
Impacted: DevTest 10.7.x and lower
Vulnerability
Based on our initial review, Service Virtualization is affected by this vulnerability through the netty-codec-http2 library.
As a next step, we will be releasing a patch with the latest recommended version of the netty-codec-http2 library, 4.1.100, to remediate this vulnerability.
This KB will be updated further when an ETA is available; right now the development team is actively working on this.
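To confirm which copies of the library an installation actually carries, before and after the patch, the following inventory check walks a directory and compares each netty-codec-http2 jar against 4.1.100. It is an added example, not vendor tooling; it assumes the jars keep the upstream Maven file naming (for example `netty-codec-http2-4.1.94.Final.jar`), and the directory to scan is supplied by the operator.

```python
import re
import sys
from pathlib import Path

# Version of netty-codec-http2 the advisory names as the remediation target.
FIXED = (4, 1, 100)
# Assumed upstream naming, e.g. netty-codec-http2-4.1.94.Final.jar (qualifier optional).
JAR_RE = re.compile(r"^netty-codec-http2-(\d+)\.(\d+)\.(\d+)(?:[.-][\w.-]+)?\.jar$")


def classify(jar_name):
    """Return (version, needs_update) for a jar file name, or None if it does not parse."""
    m = JAR_RE.match(jar_name)
    if m is None:
        return None
    version = tuple(int(part) for part in m.groups())
    # Compare as integers: as strings, "4.1.100" would sort before "4.1.94".
    return version, version < FIXED


def scan(root):
    """Walk root and return [(path, version or None, needs_update)] for every copy found."""
    findings = []
    for path in sorted(Path(root).rglob("netty-codec-http2-*.jar")):
        parsed = classify(path.name)
        if parsed is None:
            # Unrecognised naming: flag for manual review rather than assume it is fine.
            findings.append((path, None, True))
        else:
            findings.append((path, parsed[0], parsed[1]))
    return findings


if __name__ == "__main__":
    # Usage: python check_netty_h2.py <install-dir>  (script name is hypothetical)
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, needs_update in results:
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{'UPDATE' if needs_update else 'ok':6} {shown:10} {path}")
    # Copies repackaged inside another archive are not found by file name.
    sys.exit(1 if any(r[2] for r in results) else 0)
```

The script exits non-zero when any copy is older than 4.1.100 or cannot be parsed, so it can gate a post-patch verification step.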