Ô¤¾¯±àºÅ£ºINSPUR-SA-202311-002
³õʼÐû²¼Ê±¼ä£º2023-11-22 16:44:43
¸üÐÂÐû²¼Ê±¼ä£º2023-11-22 16:44:33
Îó²îÐÎò£º
HTTP/2 ÐÒé±£´æ¾Ü¾ø·þÎñÎó²î(CVE-2023-44487)�£¬´ËÎó²îÔÊÐí¶ñÒâ¹¥»÷ÕßÌᳫÕë¶ÔHTTP/2 ·þÎñÆ÷µÄDDoS¹¥»÷�£¬Ê¹Óà HEADERS ºÍ RST_STREAM·¢ËÍÒ»×éHTTPÇëÇó�£¬²¢Öظ´´ËģʽÒÔÔÚÄ¿µÄ HTTP/2 ·þÎñÆ÷ÉÏÌìÉú´ó×ÚÁ÷Á¿��¡£Í¨¹ýÔÚµ¥¸öÅþÁ¬Öдò°ü¶à¸öHEADERSºÍRST_STREAMÖ¡�£¬¿ÉÄܵ¼ÖÂÿÃëÇëÇóÁ¿ÏÔÖøÔöÌí�£¬²¢µ¼Ö·þÎñÆ÷ÉϵÄCPU ʹÓÃÂʽϸß�£¬×îÖÕµ¼ÖÂ×ÊÔ´ºÄ¾¡�£¬Ôì³É¾Ü¾ø·þÎñ��¡£
CVSSÆÀ·Ö£º
| CVE |
V3.1 Vector(Base) |
Base Score |
V3.1 Vector(Temporal Score) |
Temporal Score |
| CVE-2023-44487 |
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
7.5 |
E:P/RL:O/RC:C |
6.7 |
ÊÜÓ°Ïì²úÆ·£º
| ²úÆ·Ãû³Æ |
ÊÜÓ°Ïì°æ±¾ |
»º½â¼Æ»® |
| EDR6.0 |
EDR6.0 |
EDR6.0_CVE-2023-44487_install.sh |
| IncloudOS |
IncloudOS V6.x <=? 6.8.1 |
IncloudOS_CVE-2023-44487_Disable_HTP2.sh |
ÊÖÒÕϸ½Ú£º
ÎÞ
Îó²î½â¾ö¼Æ»®£º
ÇëÓû§Ö±½ÓÁªÏµ¿Í»§·þÎñÖ°Ô±�£¬»ñÈ¡²¹¶¡ÒÔ¼°Ïà¹ØµÄÊÖÒÕÖ§³Ö��¡£
FAQ£º
ÎÞ
¸üмͼ£º
20231122-V1.0-Initial Release
×ðÁú¿Ê±Çå¾²Ó¦¼±ÏìÓ¦¶ÔÍâ·þÎñ£º
×ðÁú¿Ê±Ò»Ö±Ö÷Õž¡È«Á¦°ü¹Ü²úÆ·Óû§µÄ×îÖÕÀûÒæ�£¬×ñÕÕÈÏÕæÈεÄÇå¾²ÊÂÎñÅû¶ÔÔò�£¬²¢Í¨¹ý²úÆ·Çå¾²ÎÊÌâ´¦Öóͷ£»úÖÆ´¦Öóͷ£²úÆ·Çå¾²ÎÊÌâ��¡£
»ñÈ¡ÊÖÒÕÖ§³Ö£º/lcjtww/2317452/2317456/2317460/index.html
±¾ÎĵµÌṩµÄËùÓÐÊý¾ÝºÍÐÅÏ¢½ö¹©²Î¿¼�£¬ÇÒ"°´ÔÑù"Ìṩ�£¬²»ÔÊÐíÈκÎÕÑʾ¡¢Ä¬Ê¾ºÍ·¨¶¨µÄµ£±£�£¬°üÀ¨(µ«²»ÏÞÓÚ)¶ÔÊÊÏúÐÔ¡¢ÊÊÓÃÐÔ¼°²»ÇÖȨµÄµ£±£��¡£ÔÚÈκÎÇéÐÎÏÂ�£¬×ðÁú¿Ê±»òÆäÖ±½Ó»ò¼ä½Ó¿ØÖƵÄ×Ó¹«Ë¾�£¬»òÆ乩ӦÉÌ�£¬¾ù²î³ØÈκÎÒ»·½ÒòÒÀÀµ»òʹÓñ¾ÐÅÏ¢¶øÔâÊܵÄÈκÎËðʧ¼ç¸ºÔðÈÎ�£¬°üÀ¨Ö±½Ó�£¬¼ä½Ó�£¬ÎÞÒâ�£¬Ò»¶¨µÄÉÌÒµÀûÈóËðʧ»òÌØÊâËðʧ��¡£×ðÁú¿Ê±±£´æËæʱ¸ü¸Ä»ò¸üдËÎĵµµÄȨÁ¦��¡£
Ñ¡ÔñÓïÑÔ
