CVE-2020-17527high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
References
https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
http://www.openwall.com/lists/oss-security/2020/12/03/3
https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
https://security.netapp.com/advisory/ntap-20201210-0003/
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html
https://security.gentoo.org/glsa/202012-23
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://www.debian.org/security/2021/dsa-4835
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
Details
Source: MITRE
Published: 2020-12-03
Updated: 2021-09-14
Type: CWE-200
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 8.5.1 to 8.5.59 (inclusive)
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 9.0.1 to 9.0.35 (inclusive)
cpe:2.3:a:apache:tomcat:9.0.35-3.39.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.35-3.57.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:netapp:element_plug-in:-:*:*:*:*:vcenter_server:*:*
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from 3.0.0 to 3.1.3 (inclusive)
Configuration 3
OR
Configuration 4
OR
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150937 | Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities | Nessus | Web Servers | high |
| 148986 | Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Apr 2021 CPU) | Nessus | CGI abuses | critical |
| 148894 | Oracle Database Server Multiple Vulnerabilities (Apr 2021 CPU) | Nessus | Databases | medium |
| 701330 | Apache Tomcat < 10.0.0-M10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 148353 | Photon OS 4.0: Apache PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | high |
| 146431 | RHEL 7 : Red Hat JBoss Web Server 5.4.1 Security Update (Moderate) (RHSA-2021:0494) | Nessus | Red Hat Local Security Checks | high |
| 145727 | EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-1175) | Nessus | Huawei Local Security Checks | high |
| 145386 | Debian DSA-4835-1 : tomcat9 - security update | Nessus | Debian Local Security Checks | high |
| 145342 | openSUSE Security Update : tomcat (openSUSE-2021-81) | Nessus | SuSE Local Security Checks | high |
| 145325 | openSUSE Security Update : tomcat (openSUSE-2021-43) | Nessus | SuSE Local Security Checks | high |
| 112676 | Apache Tomcat 7.0.x < 7.0.107 Information Disclosure | Web Application Scanning | Component Vulnerability | high |
| 145010 | Amazon Linux AMI : tomcat8 (ALAS-2021-1473) | Nessus | Amazon Linux Local Security Checks | high |
| 144895 | Photon OS 2.0: Apache PHSA-2021-2.0-0308 | Nessus | PhotonOS Local Security Checks | high |
| 144614 | GLSA-202012-23 : Apache Tomcat: Information disclosure | Nessus | Gentoo Local Security Checks | high |
| 144518 | Photon OS 1.0: Apache PHSA-2020-1.0-0350 | Nessus | PhotonOS Local Security Checks | high |
| 144516 | Photon OS 3.0: Apache PHSA-2020-3.0-0180 | Nessus | PhotonOS Local Security Checks | high |
| 144462 | Amazon Linux AMI : tomcat8 (ALAS-2020-1473) (deprecated) | Nessus | Amazon Linux Local Security Checks | high |
| 144343 | Debian DLA-2495-1 : tomcat8 security update | Nessus | Debian Local Security Checks | high |
| 144054 | Apache Tomcat 8.5.x < 8.5.60 Information Disclosure | Nessus | Web Servers | high |
| 144050 | Apache Tomcat 9.x < 9.0.40 Information Disclosure | Nessus | Web Servers | high |
| 112669 | Apache Tomcat 8.5.x < 8.5.60 Information Disclosure | Web Application Scanning | Component Vulnerability | high |
| 112668 | Apache Tomcat 9.0.0.M1 < 9.0.40 Information Disclosure | Web Application Scanning | Component Vulnerability | high |
| 112667 | Apache Tomcat 10.0.0-M1 < 10.0.0-M10 Information Disclosure | Web Application Scanning | Component Vulnerability | high |