CVE-2020-17527
Apache Tomcat: Request header mix-up between HTTP/2 streams
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
Al investigar el error 64830, se detectó que Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M9, versiones 9.0.0-M1 hasta 9.0.39 y versiones 8.5.0 hasta 8.5.59, podría reutilizar un valor de encabezado de petición HTTP de la transmisión anterior recibida en una conexión HTTP/2 para la petición asociada con la transmisión posterior. Si bien esto probablemente conllevaría a un error y al cierre de la conexión HTTP/2, es posible que la información podría filtrarse entre peticiones
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-08-12 CVE Reserved
- 2020-12-03 CVE Published
- 2021-02-09 First Exploit
- 2024-08-04 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (27)
URL | Date | SRC |
---|---|---|
https://github.com/forse01/CVE-2020-17527-Tomcat | 2021-02-09 |
URL | Date | SRC |
---|---|---|
https://www.oracle.com//security-alerts/cpujul2021.html | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpuApr2021.html | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpujan2022.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 8.5.1 <= 8.5.59 Search vendor "Apache" for product "Tomcat" and version " >= 8.5.1 <= 8.5.59" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | >= 9.0.1 <= 9.0.35 Search vendor "Apache" for product "Tomcat" and version " >= 9.0.1 <= 9.0.35" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone10 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone11 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone12 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone13 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone14 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone15 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone16 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone17 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone18 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone19 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone20 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone21 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone22 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone23 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone24 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone25 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone26 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone27 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone5 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone6 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone7 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone8 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0" | milestone9 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.35-3.39.1 Search vendor "Apache" for product "Tomcat" and version "9.0.35-3.39.1" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.35-3.57.3 Search vendor "Apache" for product "Tomcat" and version "9.0.35-3.57.3" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.36 Search vendor "Apache" for product "Tomcat" and version "9.0.36" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.37 Search vendor "Apache" for product "Tomcat" and version "9.0.37" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.38 Search vendor "Apache" for product "Tomcat" and version "9.0.38" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 9.0.39 Search vendor "Apache" for product "Tomcat" and version "9.0.39" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone1 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone2 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone3 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone4 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone5 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone6 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone7 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone8 |
Affected
| ||||||
Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 10.0.0 Search vendor "Apache" for product "Tomcat" and version "10.0.0" | milestone9 |
Affected
| ||||||
Netapp Search vendor "Netapp" | Element Plug-in Search vendor "Netapp" for product "Element Plug-in" | - | vcenter_server |
Affected
| ||||||
Netapp Search vendor "Netapp" | Oncommand System Manager Search vendor "Netapp" for product "Oncommand System Manager" | >= 3.0.0 <= 3.1.3 Search vendor "Netapp" for product "Oncommand System Manager" and version " >= 3.0.0 <= 3.1.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Blockchain Platform Search vendor "Oracle" for product "Blockchain Platform" | < 21.1.2 Search vendor "Oracle" for product "Blockchain Platform" and version " < 21.1.2" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Binding Support Function Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" | 1.10.0 Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "1.10.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy" | 1.14.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.14.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Communications Instant Messaging Server Search vendor "Oracle" for product "Communications Instant Messaging Server" | 10.0.1.5.0 Search vendor "Oracle" for product "Communications Instant Messaging Server" and version "10.0.1.5.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Instantis Enterprisetrack Search vendor "Oracle" for product "Instantis Enterprisetrack" | 17.1 Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Instantis Enterprisetrack Search vendor "Oracle" for product "Instantis Enterprisetrack" | 17.2 Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.2" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Instantis Enterprisetrack Search vendor "Oracle" for product "Instantis Enterprisetrack" | 17.3 Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.3" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Enterprise Monitor Search vendor "Oracle" for product "Mysql Enterprise Monitor" | < 8.0.23 Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " < 8.0.23" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Sd-wan Edge Search vendor "Oracle" for product "Sd-wan Edge" | 9.0 Search vendor "Oracle" for product "Sd-wan Edge" and version "9.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Workload Manager Search vendor "Oracle" for product "Workload Manager" | 18c Search vendor "Oracle" for product "Workload Manager" and version "18c" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Workload Manager Search vendor "Oracle" for product "Workload Manager" | 19c Search vendor "Oracle" for product "Workload Manager" and version "19c" | - |
Affected
|