CVE-2020-17527

high

Description

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

References

https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

http://www.openwall.com/lists/oss-security/2020/12/03/3

https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.guacamole.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E

https://security.netapp.com/advisory/ntap-20201210-0003/

https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html

https://security.gentoo.org/glsa/202012-23

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://www.debian.org/security/2021/dsa-4835

https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com//security-alerts/cpujul2021.html

Details

Source: MITRE

Published: 2020-12-03

Updated: 2021-09-14

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 8.5.1 to 8.5.59 (inclusive)

cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 9.0.1 to 9.0.35 (inclusive)

cpe:2.3:a:apache:tomcat:9.0.35-3.39.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.35-3.57.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:netapp:element_plug-in:-:*:*:*:*:vcenter_server:*:*

cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from 3.0.0 to 3.1.3 (inclusive)

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*

cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*

Tenable Plugins

23 plugins in total.

ID | Name | Product | Family | Severity
150937 | Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities | Nessus | Web Servers | high
148986 | Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Apr 2021 CPU) | Nessus | CGI abuses | critical
148894 | Oracle Database Server Multiple Vulnerabilities (Apr 2021 CPU) | Nessus | Databases | medium
701330 | Apache Tomcat < 10.0.0-M10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium
148353 | Photon OS 4.0: Apache PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | high
146431 | RHEL 7 : Red Hat JBoss Web Server 5.4.1 Security Update (Moderate) (RHSA-2021:0494) | Nessus | Red Hat Local Security Checks | high
145727 | EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-1175) | Nessus | Huawei Local Security Checks | high
145386 | Debian DSA-4835-1 : tomcat9 - security update | Nessus | Debian Local Security Checks | high
145342 | openSUSE Security Update : tomcat (openSUSE-2021-81) | Nessus | SuSE Local Security Checks | high
145325 | openSUSE Security Update : tomcat (openSUSE-2021-43) | Nessus | SuSE Local Security Checks | high
112676 | Apache Tomcat 7.0.x < 7.0.107 Information Disclosure | Web Application Scanning | Component Vulnerability | high
145010 | Amazon Linux AMI : tomcat8 (ALAS-2021-1473) | Nessus | Amazon Linux Local Security Checks | high
144895 | Photon OS 2.0: Apache PHSA-2021-2.0-0308 | Nessus | PhotonOS Local Security Checks | high
144614 | GLSA-202012-23 : Apache Tomcat: Information disclosure | Nessus | Gentoo Local Security Checks | high
144518 | Photon OS 1.0: Apache PHSA-2020-1.0-0350 | Nessus | PhotonOS Local Security Checks | high
144516 | Photon OS 3.0: Apache PHSA-2020-3.0-0180 | Nessus | PhotonOS Local Security Checks | high
144462 | Amazon Linux AMI : tomcat8 (ALAS-2020-1473) (deprecated) | Nessus | Amazon Linux Local Security Checks | high
144343 | Debian DLA-2495-1 : tomcat8 security update | Nessus | Debian Local Security Checks | high
144054 | Apache Tomcat 8.5.x < 8.5.60 Information Disclosure | Nessus | Web Servers | high
144050 | Apache Tomcat 9.x < 9.0.40 Information Disclosure | Nessus | Web Servers | high
112669 | Apache Tomcat 8.5.x < 8.5.60 Information Disclosure | Web Application Scanning | Component Vulnerability | high
112668 | Apache Tomcat 9.0.0.M1 < 9.0.40 Information Disclosure | Web Application Scanning | Component Vulnerability | high
112667 | Apache Tomcat 10.0.0-M1 < 10.0.0-M10 Information Disclosure | Web Application Scanning | Component Vulnerability | high