Security News

Cybersecurity news aggregator

HIGH Vulnerabilities BSI Germany

[UPDATE] [high] http/2 implementations: Vulnerability enables denial of service

A high-severity vulnerability (CVSS 7.5) in multiple HTTP/2 implementations enables a remote denial-of-service attack. The flaw affects a wide range of products and platforms, including specific versions of Rocky Linux, IBM QRadar SIEM, Splunk Enterprise (<9.3.1, <9.2.3, <9.1.6), Fortinet FortiOS (<7.4.2, <7.2.7, <7.0.14), and numerous Cisco, Dell, IBM, and Red Hat systems. Mitigations are available, and administrators must consult the detailed vendor-specific update list provided in the article for patching guidance.

[WID-SEC-2023-2618] http/2 implementations: Vulnerability enables denial of service

CVSS Base Score: 7.5 (high)
CVSS Temporal Score: 7.3 (high)
Remote attack: yes
Date: 10.10.2023
Status: UPDATE 25.03.2026
Mitigation: yes

Affected systems
Operating system: Linux, MacOS X, Other, UNIX, Windows

Product description
http/2 is the HyperText Transfer Protocol in version 2.

Products
UPDATE 04.12.2025: RESF Rocky Linux
UPDATE 01.10.2025: Dell PowerProtect Data Domain <8.4.0.0; Dell PowerProtect Data Domain <7.10.1.70; Dell PowerProtect Data Domain <7.13.1.40; Dell PowerProtect Data Domain <8.3.1.10
UPDATE 27.07.2025: SUSE openSUSE
UPDATE 15.07.2025: IBM QRadar SIEM
UPDATE 10.06.2025: Siemens SIMATIC S7 1500 CPU
UPDATE 05.05.2025: Google Cloud Platform
UPDATE 30.03.2025: IBM DB2 on Cloud Pak for Data
UPDATE 18.12.2024: IBM Security Guardium 11.4; IBM Security Guardium 11.5; IBM Security Guardium 12.0
UPDATE 25.11.2024: Red Hat OpenShift Container Platform <4.15.39
UPDATE 03.11.2024: Moxa Switch MDS-G4028-L3 Series; Moxa Switch EDS-G512E
UPDATE 14.10.2024: Splunk Splunk Enterprise <9.3.1; Splunk Splunk Enterprise <9.2.3; Splunk Splunk Enterprise <9.1.6
UPDATE 17.09.2024: IBM Operational Decision Manager 8.11.0.1; IBM Operational Decision Manager 8.12.0.1; IBM Operational Decision Manager 9.0.0
UPDATE 10.09.2024: Red Hat Enterprise Linux AMQ Streams 2
UPDATE 07.07.2024: IBM MQ
UPDATE 19.06.2024: IBM SAN Volume Controller 8.4; IBM SAN Volume Controller 8.5; IBM SAN Volume Controller 8.6
UPDATE 23.04.2024: IBM App Connect Enterprise
UPDATE 16.04.2024: IBM Power Hardware Management Console v10
UPDATE 09.04.2024: IBM Operational Decision Manager 8.10.x; IBM Operational Decision Manager 8.11.x; IBM Operational Decision Manager 8.12.x
UPDATE 07.04.2024: IBM Maximo Asset Management 7.6.1
UPDATE 26.03.2024: Red Hat OpenShift; Red Hat OpenShift Container Platform <4.15.5
UPDATE 19.03.2024: IBM InfoSphere Information Server 11.7
UPDATE 06.03.2024: Red Hat OpenShift Kube Descheduler Operator 5; Red Hat OpenShift Container Platform <4.13.36
UPDATE 03.03.2024: Xerox FreeFlow Print Server v9; IBM Business Automation Workflow
UPDATE 14.02.2024: IBM Spectrum Scale 5.1
UPDATE 08.02.2024: Fortinet FortiOS <7.4.2; Fortinet FortiProxy <7.4.2; Fortinet FortiOS <7.2.7; Fortinet FortiOS <7.0.14; Fortinet FortiProxy <7.2.8; Fortinet FortiProxy 7.0
UPDATE 31.01.2024: Red Hat OpenShift Container Platform <4.12.48
UPDATE 28.01.2024: Dell NetWorker vProxy <19.9.0.4; Dell NetWorker vProxy <19.10
UPDATE 22.01.2024: IBM TXSeries 8.1; IBM TXSeries 8.2; IBM TXSeries 9.1
UPDATE 11.01.2024: RealObjects PDFreactor <11.6.10
UPDATE 07.01.2024: IBM Security Verify Access 10.0.0.0-10.0.6.1
UPDATE 03.01.2024: Red Hat OpenShift Container Platform <4.14.7
UPDATE 21.12.2023: Cisco Unified Contact Center Enterprise; Cisco Nexus 3000 Series Switches; Cisco Prime Network Registrar <11.2; Cisco Prime Infrastructure <3.10.4; Cisco Secure Web Appliance <15.2.0; Cisco Firepower <7.4.2; Cisco IOS XE <17.15.1; Cisco IOS XR <7.11.2; Cisco IOS XR <24.1.1; Cisco Nexus 9000 Series Switches; Cisco Unified Attendant Console Advanced; Cisco Unified Contact Center Enterprise <12.6.2; Cisco Expressway <X14.3.3; Cisco TelePresence <X14.3.3
UPDATE 18.12.2023: IBM QRadar SIEM 7.5
UPDATE 05.12.2023: Red Hat Integration Service Registry 1
UPDATE 03.12.2023: Veritas Enterprise Vault
UPDATE 29.11.2023: Red Hat OpenShift <container platform 4.14.4
UPDATE 28.11.2023: Red Hat OpenShift <Container 4.11.54; Red Hat OpenShift <Container Platform 4.11.54
UPDATE 26.11.2023: Gentoo Linux
UPDATE 22.11.2023: Ubuntu Linux
UPDATE 16.11.2023: Red Hat OpenShift Container Platform 4.11; Red Hat OpenShift Container Platform 4.12; Red Hat OpenShift Container Platform 4.10; Red Hat Enterprise Linux Software Collections
UPDATE 15.11.2023: IBM WebSphere Application Server Liberty
UPDATE 13.11.2023: Open Source Varnish HTTP Cache <7.3.1; Open Source Varnish HTTP Cache <7.4.2; Open Source Varnish HTTP Cache <6.0.12 LTS
UPDATE 26.10.2023: IBM DataPower Gateway <10.0.1.16; IBM DataPower Gateway <10.5.0.8
UPDATE 18.10.2023: Jenkins Jenkins <weekly 2.428; Jenkins Jenkins <LTS 2.414.3
UPDATE 17.10.2023: Oracle Linux
UPDATE 16.10.2023: Debian Linux; Amazon Linux 2; Citrix Systems Citrix Gateway; Red Hat Enterprise Linux; Citrix Systems ADC
UPDATE 15.10.2023: SUSE Linux
UPDATE 11.10.2023: Fedora Linux; Golang Go <1.21.3; Golang Go <1.20.10
10.10.2023: NGINX NGINX; Specification http/2

Attack
A remote, anonymous attacker can exploit a vulnerability in various http/2 implementations to carry out a denial-of-service attack.
