CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2023-44487
CVSS 7.5 · EPSS 94.40%

HTTP/2 Rapid Reset: How a Single TCP Connection Can Nuke a Server

Amit Schendel
Senior Security Researcher

Dec 31, 2025 · 11 min read

Active Exploitation · CISA KEV Listed

Executive Summary (TL;DR)

A design weakness in HTTP/2 lets a client open a stream with a HEADERS frame and cancel it with an RST_STREAM frame in the same packet, then repeat this as fast as the link allows over a single TCP connection. Because a cancelled stream no longer counts toward the server's SETTINGS_MAX_CONCURRENT_STREAMS limit, the usual per-connection concurrency cap never engages, yet the server still pays the full cost of parsing, dispatching and tearing down every request. The result is CPU and memory exhaustion and a complete Denial of Service. Because the issue is in the protocol rather than in one code base, essentially every HTTP/2 implementation was affected, and it has been exploited at record scale in the wild.

CVE-2023-44487, dubbed 'Rapid Reset', is a protocol-level vulnerability in HTTP/2 that allows a single client to overwhelm servers regardless of their capacity. By abusing the stream cancellation mechanism, an attacker forces the server to do the full work of setting up and tearing down a stream for every request while spending almost nothing itself: each request costs the attacker two small frames, and it never has to wait for a response. This asymmetry creates a devastating Denial of Service vector that defeats per-connection limits such as the maximum-concurrent-streams setting and renders ineffective any rate limiting that only counts completed responses. The flaw is in the protocol's design rather than in any one implementation, which is why disclosure triggered a coordinated, internet-wide patching effort across nearly every modern web server, CDN, and load balancer.

Technical Appendix

CVSS Score: 7.5 / 10 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Probability: 94.40% (in the top 6% of CVEs ranked by exploitation likelihood)

Affected Systems

Any web server, CDN, load balancer, or application implementing the HTTP/2 protocol.

Affected Versions Detail

Product: Various HTTP/2 implementations (multiple vendors)
Affected Versions: All unpatched versions
Fixed Version: - (fixes are implementation-specific; check each vendor's advisory)

Attribute / Detail
CWE ID: CWE-400
CWE Name: Uncontrolled Resource Consumption
Attack Vector: Network
CVSS Score: 7.5 (High)
EPSS Score: 0.944 (94.4%)
Impact: Denial of Service
Exploit Status: Active Exploitation
KEV Status: Listed in CISA KEV Catalog

MITRE ATT&CK Mapping

T1498 Network Denial of Service (Impact)
CWE-400
Uncontrolled Resource Consumption

The software does not properly control the allocation and maintenance of a limited resource, such as memory, file handles, or network connections. An attacker can exploit this by crafting requests that trigger excessive resource allocation, eventually leading to a denial of service when the resource is exhausted.

Known Exploits & Detection

  • GitHub: Proof-of-concept exploit script for demonstrating the HTTP/2 Rapid Reset vulnerability.
  • GitHub: Another PoC implementation in Go for testing server resilience against CVE-2023-44487.
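The open-cancel-repeat pattern described in the executive summary, and the detection side of this section, in one runnable illustration. This is an added example for this report, not code from the page, its authors, the linked PoCs, or any vendor's patch: it builds a constructed HTTP/2 byte stream that looks like a Rapid Reset burst, parses it with a minimal frame-header parser (frame layout and type codes from RFC 9113, HPACK header block from RFC 7541 Appendix C.4.1), and feeds it to a per-connection reset-budget guard of the kind servers added after disclosure. The guard's thresholds (100 resets, or a 50% reset ratio once 20 streams have been opened) are assumptions chosen for illustration, not any vendor's values. Nothing is sent over the network.

```python
"""Added illustration for CVE-2023-44487 (not code from the page, its authors
or any vendor). Frame layout and codes follow RFC 9113; the HPACK block is the
RFC 7541 C.4.1 example; the guard thresholds are illustrative assumptions."""
from __future__ import annotations

import struct
from dataclasses import dataclass

# RFC 9113 frame types, the END_HEADERS flag, and the CANCEL error code.
HEADERS = 0x1
RST_STREAM = 0x3
FLAG_END_HEADERS = 0x4
ERR_CANCEL = 0x8

# Compressed ":method GET / www.example.com" block (RFC 7541 C.4.1). The parser
# below never decodes HPACK; it only needs a plausible HEADERS payload.
HPACK_GET_ROOT = bytes.fromhex("828684418cf1e3c2e5f23a6ba0ab90f4ff")


@dataclass
class Frame:
    ftype: int
    flags: int
    stream_id: int
    payload: bytes


def encode_frame(ftype: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """9-octet header: 24-bit length, 8-bit type, 8-bit flags, R + 31-bit stream id."""
    if len(payload) > 0xFFFFFF:
        raise ValueError("payload exceeds 2^24-1 octets")
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload)


def parse_frames(data: bytes) -> list[Frame]:
    """Split a raw HTTP/2 byte stream into frames; rejects truncated input."""
    frames, off = [], 0
    while off < len(data):
        if off + 9 > len(data):
            raise ValueError("truncated frame header")
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack(">I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        frames.append(Frame(ftype, flags, stream_id, payload))
        off += 9 + length
    return frames


def rapid_reset_burst(n_streams: int) -> bytes:
    """Constructed attacker traffic: every client stream (odd ids) is opened with
    HEADERS and cancelled with RST_STREAM(CANCEL) before the next one opens, so
    the client never holds more than one stream open at a time."""
    out = bytearray()
    for i in range(n_streams):
        sid = 2 * i + 1
        out += encode_frame(HEADERS, FLAG_END_HEADERS, sid, HPACK_GET_ROOT)
        out += encode_frame(RST_STREAM, 0, sid, struct.pack(">I", ERR_CANCEL))
    return bytes(out)


class ConnectionGuard:
    """Per-connection accounting: count client resets of streams the server has
    not yet answered and drop the connection once they exceed a budget.
    Thresholds are illustrative assumptions, not any vendor's values."""

    def __init__(self, max_resets: int = 100, min_streams: int = 20,
                 max_reset_ratio: float = 0.5):
        self.max_resets, self.min_streams = max_resets, min_streams
        self.max_reset_ratio = max_reset_ratio
        self.open_streams: set[int] = set()
        self.opened = self.client_resets = self.peak_concurrent = 0
        self.closed_reason: str | None = None

    def on_frame(self, frame: Frame) -> None:
        if self.closed_reason:
            return  # connection already torn down; ignore the rest
        if frame.ftype == HEADERS and frame.stream_id not in self.open_streams:
            self.opened += 1
            self.open_streams.add(frame.stream_id)
            # A concurrency cap never fires against the attack: this stays at 1.
            self.peak_concurrent = max(self.peak_concurrent, len(self.open_streams))
        elif frame.ftype == RST_STREAM and frame.stream_id in self.open_streams:
            self.open_streams.discard(frame.stream_id)
            self.client_resets += 1
            self._check()

    def on_response_sent(self, stream_id: int) -> None:
        """Server answered the stream; a later client RST_STREAM for it is harmless."""
        self.open_streams.discard(stream_id)

    def _check(self) -> None:
        if self.client_resets > self.max_resets:
            self.closed_reason = f"{self.client_resets} client resets exceeds budget"
        elif (self.opened >= self.min_streams
              and self.client_resets / self.opened > self.max_reset_ratio):
            self.closed_reason = f"reset ratio {self.client_resets}/{self.opened} too high"

    def feed(self, data: bytes) -> str | None:
        for frame in parse_frames(data):
            self.on_frame(frame)
        return self.closed_reason


def benign_session(n_requests: int, cancels_every: int = 10) -> ConnectionGuard:
    """Constructed well-behaved client: requests get answered, with an occasional cancel."""
    guard = ConnectionGuard()
    for i in range(n_requests):
        sid = 2 * i + 1
        guard.on_frame(parse_frames(encode_frame(HEADERS, FLAG_END_HEADERS, sid, HPACK_GET_ROOT))[0])
        if i % cancels_every == cancels_every - 1:
            guard.on_frame(parse_frames(encode_frame(RST_STREAM, 0, sid, struct.pack(">I", ERR_CANCEL)))[0])
        else:
            guard.on_response_sent(sid)
    return guard


if __name__ == "__main__":
    g = ConnectionGuard()
    print("attack:", g.feed(rapid_reset_burst(1000)), "| peak concurrent =", g.peak_concurrent)
    b = benign_session(200)
    print("benign:", b.closed_reason, "| resets =", b.client_resets, "of", b.opened)
```

The numbers make the point of the summary: the constructed burst opens 1,000 streams but peak concurrency never exceeds 1, so SETTINGS_MAX_CONCURRENT_STREAMS is never approached, whereas a per-connection reset budget closes the connection within the first few dozen frames. The constructed browser-like session, which cancels one request in ten and has the rest answered, passes the same guard, which is the property a production threshold has to be tuned for.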

Vulnerability Timeline

2023-08-25: Initial large-scale exploitation campaigns begin, targeting major infrastructure providers.
2023-10-10: Coordinated public disclosure of the vulnerability by multiple vendors.
2023-10-10: CVE-2023-44487 is officially published and added to CISA's KEV catalog.
2023-10-11: Major open-source projects and vendors have patches widely available.

References & Sources

  • [1] NVD - CVE-2023-44487
  • [2] Cloudflare: Technical Deep Dive on the HTTP/2 Rapid Reset DDoS Attack
  • [3] CISA Alert (AA23-284A): HTTP/2 Rapid Reset Vulnerability
  • [4] Google Cloud: Mitigating the largest DDoS attack in history

Attack Flow Diagram

(Interactive diagram; not reproduced in text.)