Is CVE-2023-44487 exploitable?

Yes — CVE-2023-44487 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2023-44487 a false positive?

No practitioners have marked CVE-2023-44487 a false positive so far (3 verdicts).

How do I remediate CVE-2023-44487?

See the authoritative references (NVD, vendor advisory) and community field notes on this page for remediation guidance.

CVE-2023-44487 — HTTP/2 Rapid Reset

Uncontrolled Resource Consumption — is CVE-2023-44487real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

High · CVSS 7.5EPSS 100.0%CISA KEVCWE-400 · Uncontrolled Resource Consumption

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

References

NVD MITRE CVE.org CISA KEV

Published Oct 10, 2023

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2023-44487/badge.svg)](https://www.truepositive.app/cve/CVE-2023-44487)

HTML

<a href="https://www.truepositive.app/cve/CVE-2023-44487"><img src="https://www.truepositive.app/cve/CVE-2023-44487/badge.svg" alt="TruePositive verdict for CVE-2023-44487"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

3 verdicts

Not a real issue

to add your verdict.

Community real-world severity: High (High 3) — CVSS base score 7.5

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

No notes yet — be the first to share what you saw or a fix that worked.