First published: Thu Dec 03 2020(Updated: )
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an issue when the HTTP request header value can be reused from the previous stream received on an HTTP/2 connection. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jws5-tomcat | <0:9.0.36-9.redhat_8.1.el7 | 0:9.0.36-9.redhat_8.1.el7 |
redhat/jws5-tomcat-native | <0:1.2.25-3.redhat_3.el7 | 0:1.2.25-3.redhat_3.el7 |
redhat/jws5-tomcat | <0:9.0.36-9.redhat_8.1.el8 | 0:9.0.36-9.redhat_8.1.el8 |
redhat/jws5-tomcat-native | <0:1.2.25-3.redhat_3.el8 | 0:1.2.25-3.redhat_3.el8 |
redhat/tomcat | <10.0.0 | 10.0.0 |
redhat/tomcat | <9.0.40 | 9.0.40 |
redhat/tomcat | <8.5.60 | 8.5.60 |
IBM IBM® Engineering Requirements Management DOORS | <=9.7.2.7 | |
IBM IBM® Engineering Requirements Management DOORS Web Access | <=9.7.2.7 | |
maven/org.apache.tomcat:tomcat-coyote | >=8.5.0<8.5.60 | 8.5.60 |
maven/org.apache.tomcat:tomcat-coyote | >=9.0.0-M1<9.0.40 | 9.0.40 |
maven/org.apache.tomcat:tomcat-coyote | >=10.0.0-M1<10.0.0-M10 | 10.0.0-M10 |
Apache Tomcat | >=8.5.1<=8.5.59 | |
Apache Tomcat | >=9.0.1<=9.0.35 | |
Apache Tomcat | =9.0.0-milestone10 | |
Apache Tomcat | =9.0.0-milestone11 | |
Apache Tomcat | =9.0.0-milestone12 | |
Apache Tomcat | =9.0.0-milestone13 | |
Apache Tomcat | =9.0.0-milestone14 | |
Apache Tomcat | =9.0.0-milestone15 | |
Apache Tomcat | =9.0.0-milestone16 | |
Apache Tomcat | =9.0.0-milestone17 | |
Apache Tomcat | =9.0.0-milestone18 | |
Apache Tomcat | =9.0.0-milestone19 | |
Apache Tomcat | =9.0.0-milestone20 | |
Apache Tomcat | =9.0.0-milestone21 | |
Apache Tomcat | =9.0.0-milestone22 | |
Apache Tomcat | =9.0.0-milestone23 | |
Apache Tomcat | =9.0.0-milestone24 | |
Apache Tomcat | =9.0.0-milestone25 | |
Apache Tomcat | =9.0.0-milestone26 | |
Apache Tomcat | =9.0.0-milestone27 | |
Apache Tomcat | =9.0.0-milestone5 | |
Apache Tomcat | =9.0.0-milestone6 | |
Apache Tomcat | =9.0.0-milestone7 | |
Apache Tomcat | =9.0.0-milestone8 | |
Apache Tomcat | =9.0.0-milestone9 | |
Apache Tomcat | =9.0.35-3.39.1 | |
Apache Tomcat | =9.0.35-3.57.3 | |
Apache Tomcat | =9.0.36 | |
Apache Tomcat | =9.0.37 | |
Apache Tomcat | =9.0.38 | |
Apache Tomcat | =9.0.39 | |
Apache Tomcat | =10.0.0-milestone1 | |
Apache Tomcat | =10.0.0-milestone2 | |
Apache Tomcat | =10.0.0-milestone3 | |
Apache Tomcat | =10.0.0-milestone4 | |
Apache Tomcat | =10.0.0-milestone5 | |
Apache Tomcat | =10.0.0-milestone6 | |
Apache Tomcat | =10.0.0-milestone7 | |
Apache Tomcat | =10.0.0-milestone8 | |
Apache Tomcat | =10.0.0-milestone9 | |
Netapp Element Plug-in Vcenter Server | ||
NetApp OnCommand System Manager | >=3.0.0<=3.1.3 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Oracle Blockchain Platform | <21.1.2 | |
Oracle Communications Cloud Native Core Binding Support Function | =1.10.0 | |
Oracle Communications Cloud Native Core Policy | =1.14.0 | |
Oracle Communications Instant Messaging Server | =10.0.1.5.0 | |
Oracle Instantis Enterprisetrack | =17.1 | |
Oracle Instantis Enterprisetrack | =17.2 | |
Oracle Instantis Enterprisetrack | =17.3 | |
Oracle Mysql Enterprise Monitor | <8.0.23 | |
Oracle SD-WAN Edge | =9.0 | |
Oracle Workload Manager | =18c | |
Oracle Workload Manager | =19c | |
debian/tomcat9 | 9.0.43-2~deb11u10 9.0.70-2 9.0.95-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The severity of CVE-2020-17527 is high.
CVE-2020-17527 affects Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39, and 8.5.0 to 8.5.59.
To fix CVE-2020-17527 in Apache Tomcat, update to version 10.0.0-M10, 9.0.40, or 8.5.60.
Yes, you can find references for CVE-2020-17527 at the following links: [reference 1](https://www.cve.org/CVERecord?id=CVE-2020-17527), [reference 2](https://nvd.nist.gov/vuln/detail/CVE-2020-17527), [reference 3](http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M10), [reference 4](http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.60), [reference 5](http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40), [reference 6](https://bugzilla.redhat.com/show_bug.cgi?id=1904221), [reference 7](https://access.redhat.com/errata/RHSA-2021:5134).
The Common Weakness Enumeration (CWE) ID for CVE-2020-17527 is 200.