CVE-2020-17527

Description

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.


CvssV3 impact

BaseSeverity: HIGH
ConfidentialityImpact: HIGH
AttackComplexity: LOW
Scope: UNCHANGED
AttackVector: NETWORK
AvailabilityImpact: NONE
IntegrityImpact: NONE
PrivilegesRequired: NONE
BaseScore: 7.5
VectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
UserInteraction: NONE

CvssV2 impact

AccessComplexity: LOW
ConfidentialityImpact: PARTIAL
AvailabilityImpact: NONE
IntegrityImpact: NONE
BaseScore: 5
VectorString: AV:N/AC:L/Au:N/C:P/I:N/A:N
Version: 2.0
AccessVector: NETWORK
Authentication: NONE