// For flags

CVE-2020-17527

Apache Tomcat: Request header mix-up between HTTP/2 streams

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

Al investigar el error 64830, se detectó que Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M9, versiones 9.0.0-M1 hasta 9.0.39 y versiones 8.5.0 hasta 8.5.59, podría reutilizar un valor de encabezado de petición HTTP de la transmisión anterior recibida en una conexión HTTP/2 para la petición asociada con la transmisión posterior. Si bien esto probablemente conllevaría a un error y al cierre de la conexión HTTP/2, es posible que la información podría filtrarse entre peticiones

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-08-12 CVE Reserved
  • 2020-12-03 CVE Published
  • 2021-02-09 First Exploit
  • 2024-08-04 CVE Updated
  • 2024-11-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (27)
URL Tag Source
http://www.openwall.com/lists/oss-security/2020/12/03/3 Mailing List
https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784%40%3Ccommits.tomee.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20%40%3Ccommits.tomee.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa%40%3Ccommits.tomee.apache.org%3E Mailing List
https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee%40%3Cissues.guacamole.apache.org%3E Mailing List
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.apache.org%3E Mailing List
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce%40%3Cissues.guacamole.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1%40%3Cusers.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca%40%3Cusers.tomcat.apache.org%3E Mailing List
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html Mailing List
https://security.netapp.com/advisory/ntap-20201210-0003 Third Party Advisory
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
>= 8.5.1 <= 8.5.59
Search vendor "Apache" for product "Tomcat" and version " >= 8.5.1 <= 8.5.59"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
>= 9.0.1 <= 9.0.35
Search vendor "Apache" for product "Tomcat" and version " >= 9.0.1 <= 9.0.35"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone10
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone11
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone12
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone13
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone14
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone15
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone16
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone17
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone18
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone19
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone20
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone21
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone22
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone23
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone24
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone25
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone26
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone27
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone5
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone6
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone7
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone8
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone9
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.35-3.39.1
Search vendor "Apache" for product "Tomcat" and version "9.0.35-3.39.1"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.35-3.57.3
Search vendor "Apache" for product "Tomcat" and version "9.0.35-3.57.3"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.36
Search vendor "Apache" for product "Tomcat" and version "9.0.36"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.37
Search vendor "Apache" for product "Tomcat" and version "9.0.37"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.38
Search vendor "Apache" for product "Tomcat" and version "9.0.38"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
9.0.39
Search vendor "Apache" for product "Tomcat" and version "9.0.39"
-
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone1
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone2
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone3
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone4
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone5
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone6
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone7
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone8
Affected
Apache
Search vendor "Apache"
Tomcat
Search vendor "Apache" for product "Tomcat"
10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone9
Affected
Netapp
Search vendor "Netapp"
Element Plug-in
Search vendor "Netapp" for product "Element Plug-in"
-vcenter_server
Affected
Netapp
Search vendor "Netapp"
Oncommand System Manager
Search vendor "Netapp" for product "Oncommand System Manager"
>= 3.0.0 <= 3.1.3
Search vendor "Netapp" for product "Oncommand System Manager" and version " >= 3.0.0 <= 3.1.3"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Oracle
Search vendor "Oracle"
Blockchain Platform
Search vendor "Oracle" for product "Blockchain Platform"
< 21.1.2
Search vendor "Oracle" for product "Blockchain Platform" and version " < 21.1.2"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Binding Support Function
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function"
1.10.0
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "1.10.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Policy
Search vendor "Oracle" for product "Communications Cloud Native Core Policy"
1.14.0
Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.14.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Instant Messaging Server
Search vendor "Oracle" for product "Communications Instant Messaging Server"
10.0.1.5.0
Search vendor "Oracle" for product "Communications Instant Messaging Server" and version "10.0.1.5.0"
-
Affected
Oracle
Search vendor "Oracle"
Instantis Enterprisetrack
Search vendor "Oracle" for product "Instantis Enterprisetrack"
17.1
Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.1"
-
Affected
Oracle
Search vendor "Oracle"
Instantis Enterprisetrack
Search vendor "Oracle" for product "Instantis Enterprisetrack"
17.2
Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.2"
-
Affected
Oracle
Search vendor "Oracle"
Instantis Enterprisetrack
Search vendor "Oracle" for product "Instantis Enterprisetrack"
17.3
Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.3"
-
Affected
Oracle
Search vendor "Oracle"
Mysql Enterprise Monitor
Search vendor "Oracle" for product "Mysql Enterprise Monitor"
< 8.0.23
Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " < 8.0.23"
-
Affected
Oracle
Search vendor "Oracle"
Sd-wan Edge
Search vendor "Oracle" for product "Sd-wan Edge"
9.0
Search vendor "Oracle" for product "Sd-wan Edge" and version "9.0"
-
Affected
Oracle
Search vendor "Oracle"
Workload Manager
Search vendor "Oracle" for product "Workload Manager"
18c
Search vendor "Oracle" for product "Workload Manager" and version "18c"
-
Affected
Oracle
Search vendor "Oracle"
Workload Manager
Search vendor "Oracle" for product "Workload Manager"
19c
Search vendor "Oracle" for product "Workload Manager" and version "19c"
-
Affected