CVE-2023-43622

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 23, 2023

Updated: Nov 1, 2023

CWE ID 400

Summary

CVE-2023-43622 is a vulnerability in Apache HTTP Server versions 2.4.55 through 2.4.57. An attacker can exploit this issue by opening a HTTP/2 connection with an initial window size of 0, which indefinitely blocks handling of that connection. This could result in the exhaustion of worker resources in the server, mimicking the infamous "slow loris" attack pattern. To mitigate this risk, users are advised to upgrade to version 2.4.58, as it terminates such connections properly after the configured timeout.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation Apache HTTP Server

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/svNqm0
https://www.cve.org/CVERecord?id=CVE-2023-43622
https://nvd.nist.gov/vuln/detail/CVE-2023-43622

Back to Vulnerability Database