Vulnerability CVE-2023-44487 - Service Virtualization (DevTest)

Article ID: 275032

Products

Service Virtualization

Issue/Introduction

CVE-2023-44487, the HTTP/2 (H2) “rapid reset” vulnerability, permits a novel denial-of-service scenario in which a high volume of coordinated HTTP/2 request cancellations quickly resets many HTTP/2 streams, exhausting server resources and potentially causing outages.

Severity: High

Environment

Impacted: DevTest 10.7.x and lower

Cause

Vulnerability

Resolution

Based on our initial review, Service Virtualization is affected by this vulnerability through the netty-codec-http2 library.

As a next step, we will release a patch that includes the latest recommended version of the netty-codec-http2 library, 4.1.100, to remediate this vulnerability.

This KB will be updated when an ETA is available; the development team is actively working on the patch.
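
To confirm which copies of netty-codec-http2 an installation carries, before and after the patch, the following inventory script can be run against the install directory. It is an added example, not Broadcom or DevTest code. It assumes the directory is passed as an argument, that jars keep the standard Maven metadata entry (pom.properties) or the usual file name, and that any version below the 4.1.100 named above still needs the upgrade.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (4, 1, 100)  # remediation version named in this article
# Standard Maven metadata entry; survives even if the jar file is renamed.
POM = "META-INF/maven/io.netty/netty-codec-http2/pom.properties"
NAME_RE = re.compile(r"netty-codec-http2-(\d+(?:\.\d+)*)")


def parse_version(text):
    """'4.1.94.Final' -> (4, 1, 94); None if not major.minor.patch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None


def jar_version(jar):
    """Version of netty-codec-http2 carried by this jar, or None."""
    try:
        with zipfile.ZipFile(jar) as zf:
            if POM in zf.namelist():
                props = zf.read(POM).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    return parse_version(m.group(1).strip())
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: fall back to the file name
    m = NAME_RE.search(Path(jar).name)
    return parse_version(m.group(1)) if m else None


def scan(root):
    """Return [(path, version, needs_upgrade)] for each copy under root."""
    hits = []
    for jar in sorted(Path(root).rglob("*.jar")):
        version = jar_version(jar)
        if version is not None:
            hits.append((str(jar), version, version < FIXED))
    return hits


if __name__ == "__main__":
    # Assumption: the install directory is given as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version, needs_upgrade in scan(root):
        flag = "UPGRADE" if needs_upgrade else "ok     "
        print(flag, ".".join(map(str, version)), path)
```

Jars that bundle or relocate the library without its Maven metadata are not detected by this check and need a separate review.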