CVE-2020-1935 — MEDIUM (4.8)

Q: How severe is CVE-2020-1935?

CVE-2020-1935 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-1935?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat, Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Leap, Netapp Data Availability Services.

Vulnerability Description

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Tomcat	>= 7.0.0, <= 7.0.99
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	16.04
Opensuse	Leap	15.1
Netapp	Data Availability Services	-
Netapp	Oncommand System Manager	>= 3.0.0, <= 3.1.3
Oracle	Agile Engineering Data Management	6.2.1.0
Oracle	Agile Product Lifecycle Management	9.3.3
Oracle	Communications Element Manager	8.1.1
Oracle	Communications Instant Messaging Server	10.0.1.4.0
Oracle	Health Sciences Empirica Inspections	1.0.1.2
Oracle	Health Sciences Empirica Signal	7.3.3
Oracle	Hospitality Guest Access	4.2.0
Oracle	Hyperion Infrastructure Technology	11.1.2.4
Oracle	Instantis Enterprisetrack	>= 17.1, <= 17.3
Oracle	Mysql Enterprise Monitor	>= 4.0.0, <= 4.0.12
Oracle	Retail Order Broker	15.0
Oracle	Siebel Ui Framework	<= 20.5
Oracle	Transportation Management	6.3.7
Oracle	Workload Manager	12.2.0.1

Related Weaknesses (CWE)

CWE-444

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.htmlBroken LinkMailing ListThird Party Advisory
https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e02Mailing ListVendor Advisory
https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e9
https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff18
https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15e
https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748
https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe3
https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d14
https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a392
https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db0
https://lists.debian.org/debian-lts-announce/2020/03/msg00006.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00026.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20200327-0005/Third Party Advisory
https://usn.ubuntu.com/4448-1/Third Party Advisory
https://www.debian.org/security/2020/dsa-4673Third Party Advisory

FAQ

What is CVE-2020-1935?

CVE-2020-1935 is a vulnerability with a CVSS score of 4.8 (MEDIUM). In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as val...

How severe is CVE-2020-1935?

CVE-2020-1935 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1935?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat, Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Leap, Netapp Data Availability Services.