While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2020-12-03T18:30:14
Updated: 2024-08-04T14:00:48.652Z
Reserved: 2020-08-12T00:00:00
Link: CVE-2020-17527
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-03T19:15:12.200
Modified: 2024-11-21T05:08:17.910
Link: CVE-2020-17527
Redhat