CVE-2023-44487, the HTTP/2 (H2) “rapid reset” vulnerability, permits a novel denial-of-service scenario in which a high volume of coordinated HTTP/2 request cancellations quickly resets many HTTP/2 streams, exhausting server resources and potentially causing outages.
Impacted: 4.9, 4.10
Third Party Vulnerability
Based on our initial review, Test Data Manager is affected by this vulnerability through the tomcat-9.0.75 library.
However, this vulnerability cannot be exploited because TDM doesn’t support HTTP/2.
Apache Tomcat 9.0.81 and above include the fix for this vulnerability.
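The reasoning above (vulnerable library version, HTTP/2 not enabled, fix in 9.0.81) can be checked mechanically. The following is an added example, not vendor or TDM code: it assumes a Tomcat instance configured through `conf/server.xml`, where HTTP/2 is enabled by an `UpgradeProtocol` element on a `Connector`. The function names and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

H2_CLASS = "org.apache.coyote.http2.Http2Protocol"  # Tomcat's HTTP/2 upgrade class
FIXED_9_0 = (9, 0, 81)  # first fixed 9.0.x release, as stated in the advisory

# Constructed sample server.xml fragments (not taken from a real TDM install).
SAMPLE_NO_H2 = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""
SAMPLE_H2 = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
  </Connector>
</Service></Server>"""

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'tomcat-9.0.75'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) for g in m.groups())

def h2_connectors(server_xml):
    """Return the ports of Connectors that declare the HTTP/2 UpgradeProtocol."""
    ports = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        for up in conn.findall("UpgradeProtocol"):
            if up.get("className") == H2_CLASS:
                ports.append(conn.get("port", "?"))
    return ports

def triage(version_text, server_xml):
    """Classify CVE-2023-44487 exposure for a Tomcat 9.0.x instance."""
    version = parse_version(version_text)
    if version[:2] != (9, 0):
        return "unknown: advisory only states the 9.0.x fix version"
    if version >= FIXED_9_0:
        return "patched"
    ports = h2_connectors(server_xml)
    if not ports:
        return "vulnerable library, HTTP/2 not enabled"
    return "exposed on port(s) " + ", ".join(ports)

if __name__ == "__main__":
    print(triage("tomcat-9.0.75", SAMPLE_NO_H2))
    print(triage("tomcat-9.0.75", SAMPLE_H2))
    print(triage("tomcat-9.0.82", SAMPLE_H2))
```

A reverse proxy or load balancer in front of Tomcat may terminate HTTP/2 itself and needs its own check; this script only inspects the Tomcat connector configuration.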
A new version of the TDM Masking image, 220.127.116.11, which contains Tomcat 9.0.82, is available at: