CVE-2020-17527

Published: 03/12/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

Vulnerable Products

apache tomcat 9.0.0
apache tomcat 10.0.0
apache tomcat 9.0.36
apache tomcat 9.0.37
apache tomcat 9.0.38
apache tomcat 9.0.39
apache tomcat 9.0.35-3.39.1
apache tomcat 9.0.35-3.57.3
apache tomcat
netapp oncommand system manager
netapp element plug-in
debian debian linux 9.0
debian debian linux 10.0
oracle instantis enterprisetrack 17.1
oracle instantis enterprisetrack 17.2
oracle instantis enterprisetrack 17.3
oracle sd-wan edge 9.0
oracle workload manager 18c
oracle workload manager 19c
oracle mysql enterprise monitor
oracle communications cloud native core binding support function 1.10.0
oracle communications cloud native core policy 1.14.0
oracle communications instant messaging server 10.0.1.5.0
oracle blockchain platform

Vendor Advisories

Several security issues were fixed in Tomcat ...
Synopsis: Moderate: Red Hat JBoss Web Server 5.4.1 Security Update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Web Server 5.4.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a sec ...
Synopsis: Moderate: Red Hat JBoss Web Server 5.4.1 Security Update. Type/Severity: Security Advisory: Moderate. Topic: Updated Red Hat JBoss Web Server 5.4.1 packages are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a secur ...
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u3. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracke ...
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of ...
It was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is p ...

Mailing Lists

CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up. Severity: Moderate. Vendor: The Apache Software Foundation. Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M9; Apache Tomcat 9.0.0.M5 to 9.0.39; Apache Tomcat 8.5.1 to 8.5.59. Description: While investigating Bug 64830 it was discovered that Apache Tomcat could re-use an HTTP request he ...

References

CWE-200
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E
http://www.openwall.com/lists/oss-security/2020/12/03/3
https://security.netapp.com/advisory/ntap-20201210-0003/
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html
https://security.gentoo.org/glsa/202012-23
https://www.debian.org/security/2021/dsa-4835
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce%40%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee%40%3Cissues.guacamole.apache.org%3E
https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20%40%3Ccommits.tomee.apache.org%3E
https://nvd.nist.gov
https://ubuntu.com/security/notices/USN-5360-1