Support Content Notification - Support Portal

Symantec Security Advisory for HTTP/2 Continuation Flood

Product/Component

Notification Id

23218

Last Updated

09 July 2024

Initial Publication Date

05 April 2024

Status

OPEN

Severity

HIGH

CVSS Base Score

WorkAround

Affected CVE

Summary

Symantec, A Division of Broadcom is investigating "Continuation Flood", which is a vulnerability in HTTP/2.

Affected Product(s)

The following Symantec SaaS services were found to be affected. If a vulnerability was remediated in a SaaS service, customers do not need to take any additional action:

Web Isolation (WI) Cloud - Remediated. No action required.

Additional Product Information

The following products are not vulnerable:

Advanced Secure Gateway (ASG)
BCAAA
CloudSOC Cloud Access Security Broker (CASB)
Cloud Workload Protection (CWP)
Cloud SWG (WSS)
Content Analysis
Critical System Protection (CSP)
Data Center Security (DCS)
Data Loss Prevention (DLP)
Data Loss Prevention Cloud
Edge Secure Web Gateway (SWG)
Email Security.cloud
HSM Agent
Industrial Control System Protection (ICSP)
Information Centric Analytics (ICA)
Integrated Secure Gateway (ISG)
IT Analytics (ITA)
LiveUpdate Administrator (LUA)
Management Center (MC)
Mirror Gateway
Reporter
Secure Access Cloud (SAC)
SSL Visibility (SSLV)
Symantec Endpoint Detection and Response (EDR) On-premise
Symantec Endpoint Protection (SEP) Agent
Symantec Endpoint Protection Manager (SEPM)
Symantec Endpoint Protection (SEP) Mobile
Symantec Endpoint Security (SES)
Symantec Insight for Private Clouds
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Symantec Protection Engine (SPE)
Symantec Protection for SharePoint Servers (SPSS)
Threat Defense for Active Directory (TDAD)
Web Isolation (WI) On-Premise

References

HTTP/2 Continuation Flood - https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Revisions

2024-04-05 10:30 PT - Initial Release
2024-04-08 10:30 PT - Moved SSL Visibility (SSLV), Cloud Workload Protection (CWP), Email Security.cloud, and Secure Access Cloud (SAC) to "Not Vulnerable".
2024-04-08 14:30 PT - Moved IT Analytics and Web Isolated to "Not Vulnerable".
2024-04-22 14:00 PT - Moved Mirror Gateway to "Not Vulnerable". Split Web Isolation (WI) On-Premise and Web Isolation (WI) Cloud. Moved Web Isolation (WI) Cloud to "Affected", but already remediated.