CVE-2020-17527

Опубликовано: 03 дек. 2020

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 7.5

Описание

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	DNE
esm-apps/bionic	needed
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
esm-infra/xenial	not-affected	code not present
focal	DNE
groovy	DNE
hirsute	DNE
impish	DNE

Показывать по

Релиз	Статус	Примечание
bionic	released	9.0.16-3ubuntu0.18.04.2
devel	not-affected
esm-apps/bionic	released	9.0.16-3ubuntu0.18.04.2
esm-apps/focal	released	9.0.31-1ubuntu0.2
esm-apps/jammy	not-affected
esm-apps/noble	not-affected
esm-infra-legacy/trusty	DNE
focal	released	9.0.31-1ubuntu0.2
groovy	ignored	end of life
hirsute	not-affected

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-17527

CVSS3: 7.5

redhat

почти 5 лет назад

CVE-2020-17527

CVSS3: 7.5

nvd

почти 5 лет назад

CVE-2020-17527

CVSS3: 7.5

msrc

около 1 месяца назад

Apache Tomcat: Request header mix-up between HTTP/2 streams

CVE-2020-17527

CVSS3: 7.5

debian

почти 5 лет назад

While investigating bug 64830 it was discovered that Apache Tomcat 10. ...

openSUSE-SU-2021:0081-1

suse-cvrf

почти 5 лет назад

Security update for tomcat

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2020-17527

Описание

Пакет tomcat8

Пакет tomcat9

Ссылки на источники

Связанные уязвимости