While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
http://www.openwall.com/lists/oss-security/2020/12/03/3
https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
https://security.netapp.com/advisory/ntap-20201210-0003/
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html
https://security.gentoo.org/glsa/202012-23
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://www.debian.org/security/2021/dsa-4835
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
Source: MITRE
Published: 2020-12-03
Updated: 2022-05-12
Type: CWE-200
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH