CVE-2023-44487

ENISA EUVD: EUVD-2023-2795
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 5, 2026 · 8 articles · Published: 2023-10-10

EPSS Score

Source: FIRST.org · 2026-05-23
94.49% probability
This CVE has a 94.49% probability of being exploited in the next 30 days.
Top 100.0th percentile of all CVEs

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.5 HIGH
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

VulnerabilityLookup (CNA)
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Affected Products

n/a
n/a

Attack Intelligence

Exploits & PoC

bcdannyboy/CVE-2023-44487

Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487

244 2024-01-08
secengjeff/rapidresetclient

Tool for testing mitigations and exposure to Rapid Reset DDoS (CVE-2023-44487)

75 2023-10-30
Appsynergy-io/CVE-2023-44487

Proof of concept for DoS exploit

55 2023-10-13
studiogangster/CVE-2023-44487

A python based exploit to test out rapid reset attack (CVE-2023-44487)

21 2023-10-16
nxenon/cve-2023-44487

Examples for Implementing cve-2023-44487 ( HTTP/2 Rapid Reset Attack ) Concept

14 2023-11-10
ndrscodes/http2-rst-stream-attacker

Highly configurable tool to check a server's vulnerability against CVE-2023-44487 by rapidly sending HEADERS and RST_STREAM frames and documenting the

6 2024-01-11
tpirate/cve-2023-44487-POC

poc for the rst dos attack discovered in 2023

2 2025-12-14
1 2025-01-18
1 2025-11-06
zanks08/cve-2023-44487-demo

Demo for detection and mitigation of HTTP/2 Rapid Reset vulnerability (CVE-2023-44487)

1 2025-04-22
ByteHackr/CVE-2023-44487

Test Script for CVE-2023-44487

0 2023-10-12
pabloec20/rapidreset

CVE-2023-44487

0 2023-10-12
BMG-Black-Magic/CVE-2023-44487

POC for CVE-2023-44487

0 2025-02-19
madhusudhan-in/CVE_2023_44487-Rapid_Reset

A comprehensive Python testing tool for CVE-2023-44487, the HTTP/2 Rapid Reset vulnerability. This enhanced version provides granular control over tes

0 2025-08-29
ReGeLePuMa/HTTP-2-Rapid-Reset-DDos

PoC for HTTP/2 Rapid Reset DDoS Vulnerability - CVE-2023-44487

0 2026-01-21
sastraadiwiguna-purpleeliteteaming/DDoS-Purple-Teaming-Offensive-Multi-Vector-7-Tier-Defensive-Holistic-Blueprint-

Replicable Blueprint for advanced DDoS Purple Teaming, engineered for the threat landscape. It integrates a Red Elite Teaming offensive suite—featurin

0 2026-01-18
0 2026-04-27
Hirokiii/CVE-2023-44487

Educational environment for LTAT.04.022 Homework 4.

0 2026-05-18
24 repos, sorted by ⭐

Signal Intelligence

Confidence 92%
EPSS 94.49%
CVSS v3.1 7.5
Mentions 8
Last Seen Oct 17, 2023

CNA Information

CNA Assigner: mitre

Analyst Note

CVE-2023-44487 is the HTTP/2 Rapid Reset vulnerability explicitly documented as 'exploited in the wild in August through October 2023' per the official description. Exploitation occurred before and during the CVE publication date (2023-10-10), meeting the zero-day criterion of in-the-wild exploitation preceding/concurrent with patch availability.

Threat Actors 4

APT 29
apt_group Information theft and espionage 🇷🇺 RU
SNOWGLOBE
apt_group Information theft and espionage 🇫🇷 FR
Red Dev 17
apt_group 🇨🇳 CN
Mana Team
apt_group 🇨🇳 CN

Triage Info

Decided at: Mar 05, 2026
Published Date: Oct 10, 2023