[PaloAlto] Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)

If HTTP/2 inspection is enabled in PAN-OS, an ongoing distributed denial-of-service (DDoS) attack in inspected traffic will contribute towards the session capacity limit of the firewall. This can result in the intermittent availability of new firewall sessions and is consistent in impact with other volumetric DDoS attacks. Availability of new firewall sessions will recover naturally once the DDoS attack stops. Customers who have enabled Threat prevention ID 40152 (Applications and Threats content update 8765) can block this attack from happening in inspected HTTP/2 traffic.

CVE-2023-44487 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)

The Palo Alto Networks Product Security Assurance team is evaluating the recently disclosed denial-of-service (DoS) vulnerabilities in the HTTP/2 protocol including Rapid Reset (CVE-2023-44487) and CV…

PAN PSIRT

cve-details

.rh-logo-hat { fill: #e00; } .rh-logo-type { fill: #fff; } Red Hat

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA

Cybersecurity and Infrastructure Security Agency CISA

GitHub - bcdannyboy/CVE-2023-44487: Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487

Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487 - GitHub - bcdannyboy/CVE-2023-44487: Basic vulnerability scanning to see if web servers may be vulnerable to…

GitHubbcdannyboy

Security Update Guide - Microsoft Security Response Center

Microsoft Security Response Center