CVE-2020-17527

HIGH

Apache Tomcat <10.0.0-M9, 9.0.39, 8.5.59 - Info Disclosure

Title source: llm

Description

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

Exploits (1)

nomisec STUB 2 stars

by forse01 · poc

https://github.com/forse01/CVE-2020-17527-Tomcat

View Code ZIP pw:eip

References (24)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2020/12/03/3

[Mailing List, Vendor Advisory] https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html

[Third Party Advisory] https://security.gentoo.org/glsa/202012-23

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20201210-0003/

[Third Party Advisory] https://www.debian.org/security/2021/dsa-4835

[Patch, Third Party Advisory] https://www.oracle.com//security-alerts/cpujul2021.html

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuApr2021.html

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuapr2022.html

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujan2022.html

[Mailing List] https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784%40%3Ccommits.tomee.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20%40%3Ccommits.tomee.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa%40%3Ccommits.tomee.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee%40%3Cissues.guacamole.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce%40%3Cissues.guacamole.apache.org%3E

... and 4 more

Scores

CVSS v3 7.5

EPSS 0.1051

EPSS Percentile 93.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (20)

apache/tomcat 9.0.0 milestone10 (23 CPE variants)

apache/tomcat 9.0.35-3.39.1

apache/tomcat 9.0.35-3.57.3

apache/tomcat 9.0.36

apache/tomcat 9.0.37

apache/tomcat 9.0.38

apache/tomcat 9.0.39

apache/tomcat 10.0.0 milestone1 (9 CPE variants)

apache/tomcat 8.5.1 - 8.5.59

debian/debian_linux 9.0

... and 10 more

Published Dec 03, 2020

Tracked Since Feb 18, 2026