HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487)

Update from October 20, 2023

The Dynatrace team has finished the analysis of the HTTP/2 Rapid Reset Attack vulnerability. None of the Dynatrace components are affected.

Update from October 12, 2023

The Dynatrace team is actively reviewing the recently published HTTP/2 Rapid Reset Attack vulnerability (CVE-2023-44487).

To date, none of the following Dynatrace components are affected by this vulnerability:

  • Dynatrace SaaS
  • Dynatrace Managed
  • Dynatrace OneAgent
  • Dynatrace ActiveGate
  • Dynatrace Operator

The Dynatrace team will continue to assess the situation and provide further status updates on this page.


This document is provided on an “as is” basis, with no express or implied warranties. Some of the information provided may come from third parties. Your use of the information in the document or materials linked from the document is at your own risk. Dynatrace reserves the right to change or update this document without notice at any time. Dynatrace expects to update this document as new information becomes available.

Get article updates or report security vulnerabilities

Dynatrace takes a proactive approach in communicating security vulnerability information to customers. Learn more about Dynatrace security and our security policy. To report a security issue, email

RSS feed Report issue