Bug 1216171

Summary: VUL-0: nginx: Rapid reset attack impact (CVE-2023-44487)
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Felix Schnizlein <fschnizlein>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: meissner
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/381678/
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1216123    

Description Alexander Bergmann 2023-10-12 11:29:38 UTC 
NGINX team created a patch to mitigate the "Rapid Reset" flood attack even further then with their default configuration. All details can be found inside the blog post.

https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/

Upstream commit:
https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9

We are tracking all "HTTP/2 Rapid Reset Attack" related bugs within bsc#1216123.
Comment 1 Felix Schnizlein 2023-10-17 10:10:16 UTC 
Thanks for letting me know! I will prepare a release asap.