CVE-2020-17527MEDIUM
Description
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
References
http://www.openwall.com/lists/oss-security/2020/12/03/3
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html
https://security.gentoo.org/glsa/202012-23
Details
Source: MITRE
Published: 2020-12-03
Updated: 2021-03-19
Type: CWE-200
Risk Information
CVSS v2.0
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.0
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 8.5.1 to 8.5.59 (inclusive)
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 9.0.1 to 9.0.35 (inclusive)
cpe:2.3:a:apache:tomcat:9.0.35-3.39.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.35-3.57.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 701330 | Apache Tomcat < 10.0.0-M10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 148353 | Photon OS 4.0: Apache PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | medium |
| 146431 | RHEL 7 / 8 : Red Hat JBoss Web Server 5.4.1 Security Update (Moderate) (RHSA-2021:0494) | Nessus | Red Hat Local Security Checks | medium |
| 145727 | EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-1175) | Nessus | Huawei Local Security Checks | medium |
| 145386 | Debian DSA-4835-1 : tomcat9 - security update | Nessus | Debian Local Security Checks | medium |
| 145342 | openSUSE Security Update : tomcat (openSUSE-2021-81) | Nessus | SuSE Local Security Checks | medium |
| 145325 | openSUSE Security Update : tomcat (openSUSE-2021-43) | Nessus | SuSE Local Security Checks | medium |
| 112676 | Apache Tomcat 7.0.x < 7.0.107 Information Disclosure | Web Application Scanning | Component Vulnerability | medium |
| 145010 | Amazon Linux AMI : tomcat8 (ALAS-2021-1473) | Nessus | Amazon Linux Local Security Checks | medium |
| 144895 | Photon OS 2.0: Apache PHSA-2021-2.0-0308 | Nessus | PhotonOS Local Security Checks | medium |
| 144614 | GLSA-202012-23 : Apache Tomcat: Information disclosure | Nessus | Gentoo Local Security Checks | medium |
| 144518 | Photon OS 1.0: Apache PHSA-2020-1.0-0350 | Nessus | PhotonOS Local Security Checks | medium |
| 144516 | Photon OS 3.0: Apache PHSA-2020-3.0-0180 | Nessus | PhotonOS Local Security Checks | medium |
| 144462 | Amazon Linux AMI : tomcat8 (ALAS-2020-1473) (deprecated) | Nessus | Amazon Linux Local Security Checks | medium |
| 144343 | Debian DLA-2495-1 : tomcat8 security update | Nessus | Debian Local Security Checks | medium |
| 144054 | Apache Tomcat 8.5.x < 8.5.60 Information Disclosure | Nessus | Web Servers | medium |
| 144050 | Apache Tomcat 9.x < 9.0.40 Information Disclosure | Nessus | Web Servers | medium |
| 112669 | Apache Tomcat 8.5.x < 8.5.60 Information Disclosure | Web Application Scanning | Component Vulnerability | medium |
| 112668 | Apache Tomcat 9.0.0.M1 < 9.0.40 Information Disclosure | Web Application Scanning | Component Vulnerability | medium |
| 112667 | Apache Tomcat 10.0.0-M1 < 10.0.0-M10 Information Disclosure | Web Application Scanning | Component Vulnerability | medium |