Resource exhaustion in Apache HTTP Server (Apache Software Foundation)

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well…
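The mechanism above hinges on a single HTTP/2 setting: the client's SETTINGS frame advertises SETTINGS_INITIAL_WINDOW_SIZE (identifier 0x4) as 0, opens a request stream, and then never sends a WINDOW_UPDATE, so the server can never send response DATA and, on affected versions, the connection's worker stays blocked. The following is an added example, not code from the original page or from the httpd project: a minimal HTTP/2 frame parser that walks a captured client-to-server byte stream and flags that pattern. The sample streams, the frame layout constants and the function names are constructed here for illustration; the frame format, frame type numbers and the 65535 default window follow RFC 9113.

```python
import struct

# Constants from RFC 9113 (HTTP/2 framing)
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"      # 24-byte client connection preface
FRAME_HEADERS = 0x1
FRAME_SETTINGS = 0x4
FRAME_WINDOW_UPDATE = 0x8
FLAG_ACK = 0x1                                      # on SETTINGS, marks an acknowledgement
SETTINGS_INITIAL_WINDOW_SIZE = 0x4
DEFAULT_INITIAL_WINDOW = 65535


def build_frame(ftype, flags, stream_id, payload):
    """Encode one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    header = struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload


def parse_frames(data):
    """Split a raw byte stream (preface already removed) into (type, flags, stream_id, payload)."""
    frames, off = [], 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:          # truncated capture: stop rather than misparse
            break
        frames.append((ftype, flags, stream_id, payload))
        off += 9 + length
    return frames


def parse_settings(payload):
    """SETTINGS payload is a sequence of 16-bit identifier / 32-bit value pairs."""
    return {sid: val for sid, val in
            (struct.unpack(">HI", payload[i:i + 6]) for i in range(0, len(payload) - len(payload) % 6, 6))}


def analyze_client_stream(data):
    """Summarise the client's flow-control behaviour on one HTTP/2 connection.

    zero_window_stall is True when the client advertised an initial window of 0,
    opened at least one request stream, and never sent a WINDOW_UPDATE: the
    server has nowhere to put response DATA, which is the CVE-2023-43622 shape.
    """
    if not data.startswith(PREFACE):
        raise ValueError("not an HTTP/2 client stream (missing connection preface)")
    window, opened, updates = DEFAULT_INITIAL_WINDOW, [], 0
    for ftype, flags, sid, payload in parse_frames(data[len(PREFACE):]):
        if ftype == FRAME_SETTINGS and not flags & FLAG_ACK:
            window = parse_settings(payload).get(SETTINGS_INITIAL_WINDOW_SIZE, window)
        elif ftype == FRAME_HEADERS:
            opened.append(sid)
        elif ftype == FRAME_WINDOW_UPDATE:
            updates += 1
    return {
        "initial_window": window,
        "streams": opened,
        "window_updates": updates,
        "zero_window_stall": window == 0 and bool(opened) and updates == 0,
    }


# Constructed sample streams (not real captures). The HEADERS payload is a tiny
# HPACK block using static-table indexes: 0x82 ":method GET", 0x87 ":scheme https",
# 0x84 ":path /"; flags 0x5 = END_HEADERS | END_STREAM.
_REQUEST = build_frame(FRAME_HEADERS, 0x5, 1, b"\x82\x87\x84")

STALL_STREAM = (PREFACE
                + build_frame(FRAME_SETTINGS, 0, 0, struct.pack(">HI", SETTINGS_INITIAL_WINDOW_SIZE, 0))
                + _REQUEST)

BENIGN_STREAM = (PREFACE
                 + build_frame(FRAME_SETTINGS, 0, 0, b"")      # empty SETTINGS: keep defaults
                 + _REQUEST)

if __name__ == "__main__":
    for name, stream in (("stall", STALL_STREAM), ("benign", BENIGN_STREAM)):
        print(name, analyze_client_stream(stream))
```

The check is deliberately narrow: a zero initial window is legal on its own (a client may raise it later with WINDOW_UPDATE), so the flag only fires when a request stream was opened and no update ever followed, which is the combination that left an affected httpd worker blocked. On a live server the same signal can be tracked per connection and combined with the connection timeout rather than used as a hard block.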

Vulnerability class: DoS (Denial of Service)

EPSS: 0.595 (98.3rd percentile)

Affected products

Apache HTTP Server 2.4.55 through 2.4.57 (mod_http2). Fixed in 2.4.58.
Weakness classification (CWE)

CWE-400: Uncontrolled Resource Consumption
Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2023-43622?
CVE-2023-43622 is a denial-of-service vulnerability in Apache HTTP Server (Apache Software Foundation), classified under CWE-400, Uncontrolled Resource Consumption. Published 2023-10-23.
Is CVE-2023-43622 known to be exploited?
12 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.