Ô¤¾¯±àºÅ£ºINSPUR-SA-202311-002
³õʼÐû²¼Ê±¼ä£º2023-11-22 16:44:43
¸üÐÂÐû²¼Ê±¼ä£º2023-11-22 16:44:33
Îó²îÐÎò£º
HTTP/2 ÐÒé±£´æ¾Ü¾øЧÀÍÎó²î(CVE-2023-44487)£¬£¬£¬�£¬´ËÎó²îÔÊÐí¶ñÒâ¹¥»÷ÕßÌᳫÕë¶ÔHTTP/2 ЧÀÍÆ÷µÄDDoS¹¥»÷£¬£¬£¬�£¬Ê¹Óà HEADERS ºÍ RST_STREAM·¢ËÍÒ»×éHTTPÇëÇ󣬣¬£¬�£¬²¢Öظ´´ËģʽÒÔÔÚÄ¿µÄ HTTP/2 ЧÀÍÆ÷ÉÏÌìÉú´ó×ÚÁ÷Á¿�¡£¡£Í¨¹ýÔÚµ¥¸öÅþÁ¬Öдò°ü¶à¸öHEADERSºÍRST_STREAMÖ�¡£¡£¬£¬£¬�£¬¿ÉÄܵ¼ÖÂÿÃëÇëÇóÁ¿ÏÔÖøÔöÌí£¬£¬£¬�£¬²¢µ¼ÖÂЧÀÍÆ÷ÉϵÄCPU ʹÓÃÂʽϸߣ¬£¬£¬�£¬×îÖÕµ¼ÖÂ×ÊÔ´ºÄ¾�¡£¡£¬£¬£¬�£¬Ôì³É¾Ü¾øЧÀÍ�¡£¡£
CVSSÆÀ·Ö£º
| CVE |
V3.1 Vector(Base) |
Base Score |
V3.1 Vector(Temporal Score) |
Temporal Score |
| CVE-2023-44487 |
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
7.5 |
E:P/RL:O/RC:C |
6.7 |
ÊÜÓ°Ïì²úÆ·£º
| ²úÆ·Ãû³Æ |
ÊÜÓ°Ïì°æ±¾ |
»º½â¼Æ»® |
| EDR6.0 |
EDR6.0 |
EDR6.0_CVE-2023-44487_install.sh |
| IncloudOS |
IncloudOS V6.x <= 6.8.1 |
IncloudOS_CVE-2023-44487_Disable_HTP2.sh |
ÊÖÒÕϸ½Ú£º
ÎÞ
Îó²î½â¾ö¼Æ»®£º
ÇëÓû§Ö±½ÓÁªÏµ¿Í»§Ð§ÀÍÖ°Ô±£¬£¬£¬�£¬»ñÈ¡²¹¶¡ÒÔ¼°Ïà¹ØµÄÊÖÒÕÖ§³Ö�¡£¡£
FAQ£º
ÎÞ
¸üмͼ£º
20231122-V1.0-Initial Release
yl6776ÓÀÀû¼¯ÍÅÇå¾²Ó¦¼±ÏìÓ¦¶ÔÍâЧÀÍ£º
yl6776ÓÀÀû¼¯ÍÅÒ»Ö±Ö÷Õž¡È«Á¦°ü¹Ü²úÆ·Óû§µÄ×îÖÕÀûÒ棬£¬£¬�£¬×ñÕÕÈÏÕæÈεÄÇå¾²ÊÂÎñÅû¶ÔÔò£¬£¬£¬�£¬²¢Í¨¹ý²úÆ·Çå¾²ÎÊÌâ´¦Öóͷ£»úÖÆ´¦Öóͷ£²úÆ·Çå¾²ÎÊÌâ�¡£¡£
»ñÈ¡ÊÖÒÕÖ§³Ö£º/lcjtww/2317452/2317456/2317460/index.html
±¾ÎĵµÌṩµÄËùÓÐÊý¾ÝºÍÐÅÏ¢½ö¹©²Î¿¼£¬£¬£¬�£¬ÇÒ"°´ÔÑù"Ìṩ£¬£¬£¬�£¬²»ÔÊÐíÈκÎÕÑʾ¡¢Ä¬Ê¾ºÍ·¨¶¨µÄµ£±££¬£¬£¬�£¬°üÀ¨(µ«²»ÏÞÓÚ)¶ÔÊÊÏúÐÔ¡¢ÊÊÓÃÐÔ¼°²»ÇÖȨµÄµ£±£�¡£¡£ÔÚÈκÎÇéÐÎÏ£¬£¬£¬�£¬yl6776ÓÀÀû¼¯ÍÅ»òÆäÖ±½Ó»ò¼ä½Ó¿ØÖƵÄ×Ó¹«Ë¾£¬£¬£¬�£¬»òÆ乩ӦÉÌ£¬£¬£¬�£¬¾ù²î³ØÈκÎÒ»·½ÒòÒÀÀµ»òʹÓñ¾ÐÅÏ¢¶øÔâÊܵÄÈκÎËðʧ¼ç¸ºÔðÈΣ¬£¬£¬�£¬°üÀ¨Ö±½Ó£¬£¬£¬�£¬¼ä½Ó£¬£¬£¬�£¬ÎÞÒ⣬£¬£¬�£¬Ò»¶¨µÄÉÌÒµÀûÈóËðʧ»òÌØÊâËðʧ�¡£¡£yl6776ÓÀÀû¼¯Íű£´æËæʱ¸ü¸Ä»ò¸üдËÎĵµµÄȨÁ¦�¡£¡£
Ñ¡ÔñÓïÑÔ
