CVE-2023-44487, also known as the "HTTP/2 Rapid Reset Attack," relates to HTTP/2-capable web servers, where rapid stream generation and cancellation can result in additional load, which could lead to a Denial of Service.
API Gateway 10.1, 11.0
This vulnerability affects Jetty, which API Gateway 10.x and 11.0 use to implement HTTP/2 listen ports (inbound).
Because exploiting CVE-2023-44487 requires a malicious client, the HTTP/2 routing assertion (outbound) is not affected.
This vulnerability has been addressed in 10.1 CR04 and 11.0 CR02.
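
The pattern described above, a client opening streams and cancelling them almost immediately, can be recognised from the client-to-server HTTP/2 frames of a single connection. The following Python is an added example, not code from API Gateway or Jetty; it assumes decrypted client bytes with the 24-byte connection preface already removed, and the function names and the thresholds `min_streams` and `max_ratio` are illustrative assumptions.

```python
HEADERS, RST_STREAM = 0x1, 0x3  # HTTP/2 frame types (RFC 9113)

def parse_frames(buf):
    """Yield (type, stream_id, payload) for each complete frame in buf."""
    pos = 0
    while pos + 9 <= len(buf):
        length = int.from_bytes(buf[pos:pos + 3], "big")
        ftype = buf[pos + 3]
        # Top bit of the 32-bit stream field is reserved, so mask it off.
        sid = int.from_bytes(buf[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        end = pos + 9 + length
        if end > len(buf):
            break  # truncated capture: stop instead of misparsing
        yield ftype, sid, buf[pos + 9:end]
        pos = end

def rapid_reset_stats(client_bytes):
    """Return (streams opened by client, of those reset by client)."""
    opened, reset = set(), set()
    for ftype, sid, payload in parse_frames(client_bytes):
        if ftype == HEADERS and sid % 2 == 1:  # client streams are odd
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened and len(payload) == 4:
            reset.add(sid)
    return len(opened), len(reset)

def is_suspicious(client_bytes, min_streams=20, max_ratio=0.8):
    """Flag a connection that resets most of the streams it opens.
    Both thresholds are illustrative assumptions; tune them per site."""
    opened, reset = rapid_reset_stats(client_bytes)
    return opened >= min_streams and reset / opened > max_ratio

# --- constructed sample input (not captured traffic) ---
def frame(ftype, flags, sid, payload):
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + sid.to_bytes(4, "big") + payload)

def sample(n, is_reset):
    """n client streams; stream i is reset when is_reset(i) is true."""
    out = b""
    for i in range(n):
        sid = 2 * i + 1
        out += frame(HEADERS, 0x5, sid, b"\x00")  # placeholder header block
        if is_reset(i):
            out += frame(RST_STREAM, 0, sid, (0x8).to_bytes(4, "big"))  # CANCEL
    return out

if __name__ == "__main__":
    print(is_suspicious(sample(30, lambda i: True)))    # every stream reset
    print(is_suspicious(sample(30, lambda i: i == 3)))  # one reset
```

The ratio check is per connection, so it complements rather than replaces upgrading to the fixed releases listed above.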