CVE-2020-17527

MEDIUM

Description

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

References

http://www.openwall.com/lists/oss-security/2020/12/03/3

https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html

https://security.gentoo.org/glsa/202012-23

https://security.netapp.com/advisory/ntap-20201210-0003/

https://www.debian.org/security/2021/dsa-4835

Details

Source: MITRE

Published: 2020-12-03

Updated: 2021-03-19

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 8.5.1 to 8.5.59 (inclusive)

cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 9.0.1 to 9.0.35 (inclusive)

cpe:2.3:a:apache:tomcat:9.0.35-3.39.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.35-3.57.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
701330 | Apache Tomcat < 10.0.0-M10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium
148353 | Photon OS 4.0: Apache PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | medium
146431 | RHEL 7 / 8 : Red Hat JBoss Web Server 5.4.1 Security Update (Moderate) (RHSA-2021:0494) | Nessus | Red Hat Local Security Checks | medium
145727 | EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-1175) | Nessus | Huawei Local Security Checks | medium
145386 | Debian DSA-4835-1 : tomcat9 - security update | Nessus | Debian Local Security Checks | medium
145342 | openSUSE Security Update : tomcat (openSUSE-2021-81) | Nessus | SuSE Local Security Checks | medium
145325 | openSUSE Security Update : tomcat (openSUSE-2021-43) | Nessus | SuSE Local Security Checks | medium
112676 | Apache Tomcat 7.0.x < 7.0.107 Information Disclosure | Web Application Scanning | Component Vulnerability | medium
145010 | Amazon Linux AMI : tomcat8 (ALAS-2021-1473) | Nessus | Amazon Linux Local Security Checks | medium
144895 | Photon OS 2.0: Apache PHSA-2021-2.0-0308 | Nessus | PhotonOS Local Security Checks | medium
144614 | GLSA-202012-23 : Apache Tomcat: Information disclosure | Nessus | Gentoo Local Security Checks | medium
144518 | Photon OS 1.0: Apache PHSA-2020-1.0-0350 | Nessus | PhotonOS Local Security Checks | medium
144516 | Photon OS 3.0: Apache PHSA-2020-3.0-0180 | Nessus | PhotonOS Local Security Checks | medium
144462 | Amazon Linux AMI : tomcat8 (ALAS-2020-1473) (deprecated) | Nessus | Amazon Linux Local Security Checks | medium
144343 | Debian DLA-2495-1 : tomcat8 security update | Nessus | Debian Local Security Checks | medium
144054 | Apache Tomcat 8.5.x < 8.5.60 Information Disclosure | Nessus | Web Servers | medium
144050 | Apache Tomcat 9.x < 9.0.40 Information Disclosure | Nessus | Web Servers | medium
112669 | Apache Tomcat 8.5.x < 8.5.60 Information Disclosure | Web Application Scanning | Component Vulnerability | medium
112668 | Apache Tomcat 9.0.0.M1 < 9.0.40 Information Disclosure | Web Application Scanning | Component Vulnerability | medium
112667 | Apache Tomcat 10.0.0-M1 < 10.0.0-M10 Information Disclosure | Web Application Scanning | Component Vulnerability | medium