Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-17527

Опубликовано: 03 дек. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

esm-apps/bionic

needed

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

code not present
focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

Показывать по

РелизСтатусПримечание
bionic

released

9.0.16-3ubuntu0.18.04.2
devel

not-affected

esm-apps/bionic

released

9.0.16-3ubuntu0.18.04.2
esm-apps/focal

released

9.0.31-1ubuntu0.2
esm-apps/jammy

not-affected

esm-apps/noble

not-affected

esm-infra-legacy/trusty

DNE

focal

released

9.0.31-1ubuntu0.2
groovy

ignored

end of life
hirsute

not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 92%
0.08457
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-17527

CVSS3: 7.5
redhat
больше 4 лет назад

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

nvd логотип

CVE-2020-17527

CVSS3: 7.5
nvd
больше 4 лет назад

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

debian логотип

CVE-2020-17527

CVSS3: 7.5
debian
больше 4 лет назад

While investigating bug 64830 it was discovered that Apache Tomcat 10. ...

suse-cvrf логотип

openSUSE-SU-2021:0081-1

suse-cvrf
больше 4 лет назад

Security update for tomcat

suse-cvrf логотип

openSUSE-SU-2021:0043-1

suse-cvrf
больше 4 лет назад

Security update for tomcat

EPSS

Процентиль: 92%
0.08457
Низкий

5 Medium

CVSS2

7.5 High

CVSS3