HTTP/2 Rapid Reset
DDoS attack exploiting HTTP/2 stream cancellation
Severity CVSS
HIGH 7.5
Exploitation Shoulder
No known exploits
Fix available
Unknown
Is this in your code?
Shoulder scans your codebase and tells you if CVE-2023-44487 is reachable — not just present.
npx @shoulderdev/cli trust .
Technical details
Risk by Environment
Production (public-facing)
HIGH
Patch soon. Exploitation requires specific conditions but impact is severe.
Staging
MEDIUM
Schedule patch. Review if this environment is network-accessible.
Internal services
MEDIUM
Assess exposure. Patch if the service handles sensitive data.
Local dev only
LOW
Minimal risk in isolated dev environments.