CVE-2023-44487 – Rapid Reset HTTP/2 attack

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-44487 was published on 10 October 2023. It describes a vulnerability in the HTTP/2 protocol that allows DDoS attacks on a massive scale.

LiteSpeed Technologies published a blog post on 11 October 2023 confirming that LiteSpeed Web Server Enterprise, LiteSpeed Web ADC and OpenLiteSpeed are not vulnerable to the Rapid Reset attack.
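
The stream-reset pattern in the CVE description can be recognised from the client-to-server frame stream of a single connection. The following is an added detection sketch, not code from LiteSpeed or from the CVE record: it parses HTTP/2 frame headers (RFC 9113 layout) from decrypted bytes, such as those seen at a TLS-terminating proxy, and flags a connection on which most opened streams are then reset. The function names, the thresholds and the sample capture are assumptions constructed for illustration.

```python
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # client connection preface (RFC 9113)
HEADERS, RST_STREAM = 0x1, 0x3                 # frame type codes
CANCEL = 0x8                                   # RST_STREAM error code for cancellation

def frame(ftype, flags, stream_id, payload=b""):
    """Encode one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)

def parse_frames(data):
    """Yield (type, stream_id, payload) for each complete frame in the capture."""
    off = len(PREFACE) if data.startswith(PREFACE) else 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        end = off + 9 + length
        if end > len(data):
            break  # truncated capture: ignore the partial frame
        sid = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        yield data[off + 3], sid, data[off + 9:end]
        off = end

def reset_stats(data):
    """Return (streams opened by the client, streams the client then reset)."""
    opened, cancelled = set(), set()
    for ftype, sid, _payload in parse_frames(data):
        if ftype == HEADERS and sid % 2 == 1:      # client streams are odd-numbered
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened:
            cancelled.add(sid)
    return len(opened), len(cancelled)

def is_rapid_reset(data, min_streams=50, max_ratio=0.5):
    """Flag a connection where most opened streams are reset (assumed thresholds)."""
    opened, cancelled = reset_stats(data)
    return opened >= min_streams and cancelled / opened > max_ratio

def sample_capture(streams, resets):
    """Constructed sample: `streams` requests, the first `resets` of them reset."""
    out = PREFACE
    for i in range(streams):
        sid = 2 * i + 1
        # Flags 0x5 = END_STREAM | END_HEADERS; b"\x82" is HPACK for ":method: GET"
        out += frame(HEADERS, 0x5, sid, b"\x82")
        if i < resets:
            out += frame(RST_STREAM, 0, sid, CANCEL.to_bytes(4, "big"))
    return out
```

In production the same counters would be kept per connection over a sliding time window, with thresholds tuned against normal client behaviour, since ordinary browsers also cancel some requests.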