CVE-2020-27218

First published: Fri Nov 27 2020(Updated: )

### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.

Credit: emo@eclipse.org emo@eclipse.org emo@eclipse.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-cve
• collector/mitre-cve
• agent/type
• agent/first-publish-date
• agent/remedy
• agent/severity
• agent/author
• agent/weakness
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2020-27218
• agent/software-canonical-lookup
• agent/event
• agent/description
• collector/github-advisory-latest
• source/GitHub
• alias/GHSA-86wm-rrjm-8wh8
• agent/last-modified-date
• collector/github-advisory
• collector/ibm-support
• source/IBM
• agent/references
• agent/softwarecombine
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• collector/nvd-cve
• source/NVD
• collector/nvd-api
• package-manager/redhat
• package-manager/maven
• vendor/ibm
• canonical/ibm secure proxy
• version/ibm secure proxy/6.0.2
• version/ibm secure proxy/6.0.1
• canonical/ibm sterling secure proxy
• version/ibm sterling secure proxy/3.4.3.2
• vendor/eclipse
• canonical/eclipse jetty
• version/eclipse jetty/9.4.0
• version/eclipse jetty/10.0.0-alpha0
• version/eclipse jetty/10.0.0-alpha1
• version/eclipse jetty/10.0.0-beta0
• version/eclipse jetty/10.0.0-beta1
• version/eclipse jetty/10.0.0-beta2
• version/eclipse jetty/11.0.0-alpha0
• version/eclipse jetty/11.0.0-beta1
• version/eclipse jetty/11.0.0-beta2
• vendor/netapp
• canonical/netapp oncommand system manager
• version/netapp oncommand system manager/3.0
• version/netapp oncommand system manager/3.1.3
• canonical/netapp snap creator framework
• vendor/oracle
• canonical/oracle blockchain platform
• canonical/oracle communications converged application server - service controller
• version/oracle communications converged application server - service controller/6.2
• canonical/oracle communications offline mediation controller
• version/oracle communications offline mediation controller/12.0.0.3.0
• canonical/oracle communications pricing design center
• version/oracle communications pricing design center/12.0.0.3.0
• canonical/oracle communications services gatekeeper
• version/oracle communications services gatekeeper/7.0
• canonical/oracle communications session route manager
• version/oracle communications session route manager/8.0.0
• version/oracle communications session route manager/8.2.4
• canonical/oracle flexcube private banking
• version/oracle flexcube private banking/12.0.0
• version/oracle flexcube private banking/12.1.0
• canonical/oracle hyperion infrastructure technology
• version/oracle hyperion infrastructure technology/11.1.2.6.0
• canonical/oracle rest data services
• canonical/oracle retail eftlink
• version/oracle retail eftlink/20.0.0
• canonical/oracle siebel core - automation
• version/oracle siebel core - automation/21.5
• vendor/apache
• canonical/apache kafka
• version/apache kafka/2.7.0
• canonical/apache spark
• version/apache spark/2.4.8
• version/apache spark/3.0.3
• vendor/debian
• canonical/debian debian linux
• version/debian debian linux/10.0