Vulnerability Description
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | >= 8.5.1, <= 8.5.59 |
| Netapp | Element Plug-In | - |
| Netapp | Oncommand System Manager | >= 3.0.0, <= 3.1.3 |
| Debian | Debian Linux | 9.0 |
| Oracle | Blockchain Platform | < 21.1.2 |
| Oracle | Communications Cloud Native Core Binding Support Function | 1.10.0 |
| Oracle | Communications Cloud Native Core Policy | 1.14.0 |
| Oracle | Communications Instant Messaging Server | 10.0.1.5.0 |
| Oracle | Instantis Enterprisetrack | 17.1 |
| Oracle | Mysql Enterprise Monitor | < 8.0.23 |
| Oracle | Sd-Wan Edge | 9.0 |
| Oracle | Workload Manager | 18c |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/12/03/3Mailing ListThird Party Advisory
- https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce31
- https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce19
- https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465
- https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe
- https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398
- https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198
- https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab6
- https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab6
- https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb41781
- https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b
- https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104
- https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86
- https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e8
- https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e8Mailing ListVendor Advisory
FAQ
What is CVE-2020-17527?
CVE-2020-17527 is a vulnerability with a CVSS score of 7.5 (HIGH). While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream rec...
How severe is CVE-2020-17527?
CVE-2020-17527 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-17527?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat, Netapp Element Plug-In, Netapp Oncommand System Manager, Debian Debian Linux, Oracle Blockchain Platform.