¸ü¶à Ñ¡ÔñÓïÑÔ
< ·µ»ØÖ÷²Ëµ¥
Çå¾²Ô¤¾¯-Éæ¼°ºÀÔ˹ú¼Ê²¿·Ö²úÆ·µÄHTTP/2 ЭÒé¾Ü¾ø·þÎñÎó²î
Ô¤¾¯±àºÅ£ºINSPUR-SA-202311-002
³õʼÐû²¼Ê±¼ä£º2023-11-22 16:44:43
¸üÐÂÐû²¼Ê±¼ä£º2023-11-22 16:44:33
Îó²îȪԴ£º

¹Ù·½Ðû²¼

Îó²îÓ°Ï죺

¾Ü¾ø·þÎñ

Îó²îÐÎò£º

HTTP/2 ЭÒé±£´æ¾Ü¾ø·þÎñÎó²î(CVE-2023-44487)£¬´ËÎó²îÔÊÐí¶ñÒâ¹¥»÷ÕßÌᳫÕë¶ÔHTTP/2 ·þÎñÆ÷µÄDDoS¹¥»÷£¬Ê¹Óà HEADERS ºÍ RST_STREAM·¢ËÍÒ»×éHTTPÇëÇ󣬲¢Öظ´´ËģʽÒÔÔÚÄ¿µÄ HTTP/2 ·þÎñÆ÷ÉÏÌìÉú´ó×ÚÁ÷Á¿¡£Í¨¹ýÔÚµ¥¸öÅþÁ¬Öдò°ü¶à¸öHEADERSºÍRST_STREAMÖ¡£¬¿ÉÄܵ¼ÖÂÿÃëÇëÇóÁ¿ÏÔÖøÔöÌí£¬²¢µ¼Ö·þÎñÆ÷ÉϵÄCPU ʹÓÃÂʽϸߣ¬×îÖÕµ¼ÖÂ×ÊÔ´ºÄ¾¡£¬Ôì³É¾Ü¾ø·þÎñ¡£

CVSSÆÀ·Ö£º

CVE V3.1 Vector(Base) Base Score V3.1 Vector(Temporal Score) Temporal Score
CVE-2023-44487 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 7.5 E:P/RL:O/RC:C 6.7

ÊÜÓ°Ïì²úÆ·£º

²úÆ·Ãû³Æ ÊÜÓ°Ïì°æ±¾ »º½â¼Æ»®
EDR6.0 EDR6.0 EDR6.0_CVE-2023-44487_install.sh
IncloudOS IncloudOS V6.x <=  6.8.1 IncloudOS_CVE-2023-44487_Disable_HTP2.sh

ÊÖÒÕϸ½Ú£º

ÎÞ

Îó²î½â¾ö¼Æ»®£º

ÇëÓû§Ö±½ÓÁªÏµ¿Í»§·þÎñÖ°Ô±£¬»ñÈ¡²¹¶¡ÒÔ¼°Ïà¹ØµÄÊÖÒÕÖ§³Ö¡£

FAQ£º

ÎÞ

¸üмͼ£º

20231122-V1.0-Initial Release

ºÀÔ˹ú¼ÊÇå¾²Ó¦¼±ÏìÓ¦¶ÔÍâ·þÎñ£º
ºÀÔ˹ú¼ÊÒ»Ö±Ö÷Õž¡È«Á¦°ü¹Ü²úÆ·Óû§µÄ×îÖÕÀûÒ棬×ñÕÕÈÏÕæÈεÄÇå¾²ÊÂÎñÅû¶ԭÔò£¬²¢Í¨¹ý²úÆ·Çå¾²ÎÊÌâ´¦Öóͷ£»úÖÆ´¦Öóͷ£²úÆ·Çå¾²ÎÊÌâ¡£
·´ÏìºÀÔ˹ú¼Ê²úÆ·Çå¾²ÎÊÌ⣺ /lcjtww/psirt/vulnerability-management/index.html#report_ldbg

»ñÈ¡ÊÖÒÕÖ§³Ö£º/lcjtww/2317452/2317456/2317460/index.html

ÉùÃ÷

±¾ÎĵµÌṩµÄËùÓÐÊý¾ÝºÍÐÅÏ¢½ö¹©²Î¿¼£¬ÇÒ"°´Ô­Ñù"Ìṩ£¬²»ÔÊÐíÈκÎÕÑʾ¡¢Ä¬Ê¾ºÍ·¨¶¨µÄµ£±££¬°üÀ¨(µ«²»ÏÞÓÚ)¶ÔÊÊÏúÐÔ¡¢ÊÊÓÃÐÔ¼°²»ÇÖȨµÄµ£±£¡£ÔÚÈκÎÇéÐÎÏ£¬ºÀÔ˹ú¼Ê»òÆäÖ±½Ó»ò¼ä½Ó¿ØÖƵÄ×Ó¹«Ë¾£¬»òÆ乩ӦÉÌ£¬¾ù²î³ØÈκÎÒ»·½ÒòÒÀÀµ»òʹÓñ¾ÐÅÏ¢¶øÔâÊܵÄÈκÎËðʧ¼ç¸ºÔðÈΣ¬°üÀ¨Ö±½Ó£¬¼ä½Ó£¬ÎÞÒ⣬һ¶¨µÄÉÌÒµÀûÈóËðʧ»òÌØÊâËðʧ¡£ºÀÔ˹ú¼Ê±£´æËæʱ¸ü¸Ä»ò¸üдËÎĵµµÄȨÁ¦¡£

ÔÚ
Ïß
¿Í
·þ
?
Áª
ϵ
ÎÒ
ÃÇ
¡Á
ºÀÔ˹ú¼Ê-×·Çó¿µ½¡,ÄãÎÒÒ»ÆðÉú³¤ ÁªÏµºÀÔ˹ú¼Ê
ERP¡¢ÆóÒµÈí¼þ¹ºÖÃÈÈÏß
400-018-7700
ÔÆ·þÎñ²úÆ·ÏúÊÛÈÈÏß
400-607-6657
¼¯ÍÅ¿Í»§Í¶ËßÈÈÏß
400-691-8711
ÖÇÄÜÖն˲úÆ·¿Í·þÈÈÏß
400-658-6111
ÍøÕ¾µØͼ