While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
References
Link Providers
http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M10 cve-icon
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.60 cve-icon
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40 cve-icon
http://www.openwall.com/lists/oss-security/2020/12/03/3 cve-icon cve-icon
https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784%40%3Ccommits.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20%40%3Ccommits.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa%40%3Ccommits.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee%40%3Cissues.guacamole.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce%40%3Cissues.guacamole.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1%40%3Cusers.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca%40%3Cusers.tomcat.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-17527 cve-icon
https://security.gentoo.org/glsa/202012-23 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20201210-0003/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-17527 cve-icon
https://www.debian.org/security/2021/dsa-4835 cve-icon cve-icon
https://www.oracle.com//security-alerts/cpujul2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuApr2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2022.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2020-12-03T18:30:14

Updated: 2024-08-04T14:00:48.652Z

Reserved: 2020-08-12T00:00:00

Link: CVE-2020-17527

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-03T19:15:12.200

Modified: 2024-11-21T05:08:17.910

Link: CVE-2020-17527

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-12-03T00:00:00Z

Links: CVE-2020-17527 - Bugzilla