CVE-2023-39456
Apache Traffic Server: Malformed http/2 frames can cause an abort
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.
We have discovered 560 live websites that are affected by CVE-2023-39456.
Affected Software
| Product |  ATS |
| Category | Web Servers |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 41 |
| Vulnerable Domains | 560 live websites (33.31% of ATS install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-39456 and the relative popularity of websitesDetails
- Published - Oct 17, 2023
- Updated - Oct 17, 2023
Credits
- Akshat Parikh (finder)
CWE
CVE References
CWE References
Countries
 United States | 273 websites |
 Germany | 198 websites |
 GB | 46 websites |
 Italy | 31 websites |
 Japan | 4 websites |
 Belgium | 3 websites |
 Netherlands | 2 websites |
 Estonia | 1 websites |
 Finland | 1 websites |
 Hong Kong | 1 websites |
TLDs
| .org | 282 websites |
| .info | 91 websites |
| .com | 28 websites |
| .it | 25 websites |
| .de | 17 websites |
| .org.uk | 12 websites |
| .net | 6 websites |
| .jp | 2 websites |
| .co.jp | 1 websites |
| .eu | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-39456 through included software libraries and plugins.References
- https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
- https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
- https://www.debian.org/security/2023/dsa-5549
Websites affected by CVE-2023-39456
Top websites that are affected by CVE-2023-39456. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **.*********.org | United States | ** | |
| *******.*********.org | United States | *** | |
| ***.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*.*********.org | United States | *,*** | |
| ****.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** |