CVE-2020-1935

MEDIUM

Description

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

References

https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html

https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E

https://security.netapp.com/advisory/ntap-20200327-0005/

https://www.debian.org/security/2020/dsa-4673

https://www.debian.org/security/2020/dsa-4680

https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://usn.ubuntu.com/4448-1/

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

Details

Source: MITRE

Published: 2020-02-24

Updated: 2021-05-04

Type: CWE-444

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 4.8

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Impact Score: 2.5

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 7.0.0 to 7.0.99 (inclusive)

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 8.5.0 to 8.5.50 (inclusive)

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 9.0.0 to 9.0.30 (inclusive)

cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 4

OR

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from 3.0.0 to 3.1.3 (inclusive)

Configuration 6

OR

cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:health_sciences_empirica_signal:7.3.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:* versions from 17.1 to 17.3 (inclusive)

cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions from 4.0.0 to 4.0.12 (inclusive)

cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* versions from 8.0.0 to 8.0.20 (inclusive)

cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* versions up to 20.5 (inclusive)

cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*

cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 148890 | RHEL 7 : tomcat (RHSA-2021:1030) | Nessus | Red Hat Local Security Checks | medium |
| 147834 | RHEL 7 : tomcat (RHSA-2021:0882) | Nessus | Red Hat Local Security Checks | medium |
| 147349 | NewStart CGSL CORE 5.04 / MAIN 5.04 : tomcat Multiple Vulnerabilities (NS-SA-2021-0028) | Nessus | NewStart CGSL Local Security Checks | medium |
| 145002 | Amazon Linux AMI : tomcat7 (ALAS-2021-1472) | Nessus | Amazon Linux Local Security Checks | medium |
| 144458 | Amazon Linux AMI : tomcat7 (ALAS-2020-1472) (deprecated) | Nessus | Amazon Linux Local Security Checks | medium |
| 144429 | Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2020-5020) | Nessus | Virtuozzo Local Security Checks | medium |
| 143056 | CentOS 7 : tomcat (CESA-2020:5020) | Nessus | CentOS Local Security Checks | medium |
| 142818 | Scientific Linux Security Update : tomcat on SL7.x (noarch) (2020:5020) | Nessus | Scientific Linux Local Security Checks | medium |
| 142746 | Oracle Linux 7 : tomcat (ELSA-2020-5020) | Nessus | Oracle Linux Local Security Checks | medium |
| 142708 | RHEL 7 : tomcat (RHSA-2020:5020) | Nessus | Red Hat Local Security Checks | medium |
| 139368 | Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4448-1) | Nessus | Ubuntu Local Security Checks | medium |
| 139323 | RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 10 (RHSA-2020:3303) | Nessus | Red Hat Local Security Checks | medium |
| 136951 | Debian DLA-2209-1 : tomcat8 security update | Nessus | Debian Local Security Checks | critical |
| 136376 | Debian DSA-4680-1 : tomcat9 - security update | Nessus | Debian Local Security Checks | critical |
| 136369 | Debian DSA-4673-1 : tomcat8 - security update | Nessus | Debian Local Security Checks | critical |
| 135773 | RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3 release (Important) (RHSA-2020:1520) | Nessus | Red Hat Local Security Checks | critical |
| 134872 | Photon OS 3.0: Apache PHSA-2020-3.0-0069 | Nessus | PhotonOS Local Security Checks | critical |
| 134794 | EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1302) | Nessus | Huawei Local Security Checks | critical |
| 134620 | openSUSE Security Update : tomcat (openSUSE-2020-345) | Nessus | SuSE Local Security Checks | critical |
| 134575 | Amazon Linux AMI : tomcat8 (ALAS-2020-1353) | Nessus | Amazon Linux Local Security Checks | critical |
| 134574 | Amazon Linux AMI : tomcat7 (ALAS-2020-1352) | Nessus | Amazon Linux Local Security Checks | critical |
| 134243 | Debian DLA-2133-1 : tomcat7 security update | Nessus | Debian Local Security Checks | critical |
| 98948 | Apache Tomcat 7.0.x < 7.0.100 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98947 | Apache Tomcat 8.5.x < 8.5.51 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98946 | Apache Tomcat 9.0.0.M1 < 9.0.31 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 133845 | Apache Tomcat 7.0.x < 7.0.100 / 8.5.x < 8.5.51 / 9.0.x < 9.0.31 Multiple Vulnerabilities | Nessus | Web Servers | critical |