CVE-2023-44487: HTTP/2 Rapid Reset DDoS

Score: 7.5
HIGH
Published: 2023-10-10Affected: Multiple HTTP/2 implementationsCWE-400 β†—

What is the HTTP/2 Rapid Reset attack?

A novel DDoS attack vector exploiting the HTTP/2 RST_STREAM frame. Attackers rapidly open and cancel streams, consuming server resources while minimizing bandwidth usage. Enabled attacks exceeding 398 million requests per second.

Impact & Exploitation

Used in the largest DDoS attacks in history (Google reported 398M rps). Affected every major HTTP/2 implementation including Nginx, Apache, and cloud load balancers.

Related Resources

πŸ” Related CWE Entries

πŸ“‹ OWASP Top 10

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS7.5
SeverityHIGH
CWECWE-400
Published2023-10-10

Tags

http2ddosprotocolinfrastructure

Quick Links

Is your system affected?

Precogs AI detects HTTP/2 Rapid Reset DDoS in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2023-44487 HTTP/2 Rapid Reset DDoS don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo