CVE-2020-17527

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

Published: Dec 3, 2020
Updated: Nov 8, 2023
CVE: CVE-2020-17527
GHSA: GHSA-vvw4-rfwf-p6hx
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
apache / tomcat	9.0.0-milestone10	9.0.0-milestone10.x
apache / tomcat	9.0.0-milestone11	9.0.0-milestone11.x
apache / tomcat	9.0.0-milestone12	9.0.0-milestone12.x
apache / tomcat	9.0.0-milestone13	9.0.0-milestone13.x
apache / tomcat	9.0.0-milestone14	9.0.0-milestone14.x
apache / tomcat	9.0.0-milestone15	9.0.0-milestone15.x
apache / tomcat	9.0.0-milestone16	9.0.0-milestone16.x
apache / tomcat	9.0.0-milestone17	9.0.0-milestone17.x
apache / tomcat	9.0.0-milestone18	9.0.0-milestone18.x
apache / tomcat	9.0.0-milestone19	9.0.0-milestone19.x
apache / tomcat	9.0.0-milestone20	9.0.0-milestone20.x
apache / tomcat	9.0.0-milestone21	9.0.0-milestone21.x
apache / tomcat	9.0.0-milestone22	9.0.0-milestone22.x
apache / tomcat	9.0.0-milestone23	9.0.0-milestone23.x
apache / tomcat	9.0.0-milestone24	9.0.0-milestone24.x
apache / tomcat	9.0.0-milestone25	9.0.0-milestone25.x
apache / tomcat	9.0.0-milestone26	9.0.0-milestone26.x
apache / tomcat	9.0.0-milestone27	9.0.0-milestone27.x
apache / tomcat	9.0.0-milestone5	9.0.0-milestone5.x
apache / tomcat	9.0.0-milestone6	9.0.0-milestone6.x
apache / tomcat	9.0.0-milestone7	9.0.0-milestone7.x
apache / tomcat	9.0.0-milestone8	9.0.0-milestone8.x
apache / tomcat	9.0.0-milestone9	9.0.0-milestone9.x
apache / tomcat	10.0.0-milestone3	10.0.0-milestone3.x
apache / tomcat	10.0.0-milestone4	10.0.0-milestone4.x
apache / tomcat	10.0.0-milestone2	10.0.0-milestone2.x
apache / tomcat	10.0.0-milestone1	10.0.0-milestone1.x
apache / tomcat	10.0.0-milestone5	10.0.0-milestone5.x
apache / tomcat	10.0.0-milestone6	10.0.0-milestone6.x
apache / tomcat	9.0.36	9.0.36.x
apache / tomcat	9.0.37	9.0.37.x
apache / tomcat	9.0.38	9.0.38.x
apache / tomcat	9.0.39	9.0.39.x
apache / tomcat	10.0.0-milestone7	10.0.0-milestone7.x
apache / tomcat	10.0.0-milestone8	10.0.0-milestone8.x
apache / tomcat	10.0.0-milestone9	10.0.0-milestone9.x
apache / tomcat	9.0.35-3.39.1	9.0.35-3.39.1.x
apache / tomcat	9.0.35-3.57.3	9.0.35-3.57.3.x
apache / tomcat	9.0.1	9.0.35.x
apache / tomcat	8.5.1	8.5.59.x
netapp / oncommand_system_manager	3.0.0	3.1.3.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
oracle / instantis_enterprisetrack	17.1	17.1.x
oracle / instantis_enterprisetrack	17.2	17.2.x
oracle / instantis_enterprisetrack	17.3	17.3.x
oracle / sd-wan_edge	9.0	9.0.x
oracle / workload_manager	18c	18c.x
oracle / workload_manager	19c	19c.x
oracle / mysql_enterprise_monitor	-	8.0.23
oracle / communications_cloud_native_core_binding_support_function	1.10.0	1.10.0.x
oracle / communications_cloud_native_core_policy	1.14.0	1.14.0.x
oracle / communications_instant_messaging_server	10.0.1.5.0	10.0.1.5.0.x
oracle / blockchain_platform	-	21.1.2
org.apache.tomcat / tomcat	10.0.0-M1	10.0.0-M9
org.apache.tomcat / tomcat	9.0.0-M1	9.0.39
org.apache.tomcat / tomcat	8.5.0	8.5.59

Vulnerability Database

289,599

CVE-2020-17527