Vulnerability CVE-2020-17527 - CERT Civis.Net

Vulnerability Name:

CVE-2020-17527 (CCN-192612)

Assigned:

2020-12-03

Published:

2020-12-03

Updated:

2022-05-12

Summary:

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-17527

Source: CCN
Type: Apache Web site
Apache Tomcat

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: XF
Type: UNKNOWN
apache-cve202017527-info-disc(192612)

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomee-commits] 20201207 [jira] [Assigned] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomee-commits] 20210319 [jira] [Updated] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomee-commits] 20201207 [jira] [Created] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.

Source: MLIST
Type: Mailing List, Vendor Advisory
[guacamole-issues] 20201206 [jira] [Commented] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527

Source: MLIST
Type: Mailing List, Vendor Advisory
[announce] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-announce] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20201203 svn commit: r1884073 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml

Source: MLIST
Type: Mailing List, Vendor Advisory
[guacamole-issues] 20201206 [jira] [Created] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-users] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20210114 svn commit: r1885488 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

Source: MISC
Type: Mailing List, Vendor Advisory
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

Source: MLIST
Type: Mailing List, Vendor Advisory
[announce] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-announce] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-users] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20201216 [SECURITY] [DLA 2495-1] tomcat8 security update

Source: CCN
Type: oss-sec Mailing List, Thu, 3 Dec 2020 18:07:07 +0000
CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: GENTOO
Type: Third Party Advisory
GLSA-202012-23

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20201210-0003/

Source: DEBIAN
Type: Third Party Advisory
DSA-4835

Source: CCN
Type: IBM Security Bulletin 6410788 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6434169 (App Connect Professional)
App Connect Professional is affected by Apache Tomcat vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6453463 (Control Center)
Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center

Source: CCN
Type: IBM Security Bulletin 6475673 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6550782 (UrbanCode Release)
IBM UrbanCode Release is affected by CVE-2020-17527

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2021
Oracle Critical Patch Update Advisory - April 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: CCN
Type: Oracle CPUJul2021
Oracle Critical Patch Update Advisory - July 2021

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 8.5.1 and <= 8.5.59)

OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 9.0.1 and <= 9.0.35)

OR cpe:/a:apache:tomcat:9.0.35-3.39.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.35-3.57.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*

Configuration 2:

cpe:/a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* (Version >= 3.0.0 and <= 3.1.3)

OR cpe:/a:netapp:element_plug-in:-:*:*:*:*:vcenter_server:*:*

Configuration 3:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:workload_manager:18c:*:*:*:*:*:*:*

OR cpe:/a:oracle:workload_manager:19c:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* (Version < 8.0.23)

OR cpe:/a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:blockchain_platform:*:*:*:*:*:*:*:* (Version < 21.1.2)

Configuration CCN 1:

cpe:/a:apache:tomcat:10.0.0:m1:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.59:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.39:*:*:*:*:*:*:*

AND

cpe:/a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:18:*:*:*:*:*:*:*

OR cpe:/a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:7.5.3.0:*:*:*:professional:*:*:*

OR cpe:/a:oracle:database_server:19c:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p8:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8171	P	Security update for golang-github-prometheus-prometheus (Important)	2023-06-21
oval:org.opensuse.security:def:8142	P	Security update for jetty-minimal (Moderate)	2023-06-19
oval:org.opensuse.security:def:51958	P	Security update for grub2 (Important)	2022-11-21
oval:org.opensuse.security:def:643	P	Security update for python-paramiko (Important) (in QA)	2022-09-30
oval:org.opensuse.security:def:3544	P	libFLAC++6-1.3.0-11.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95174	P	tomcat-9.0.36-150200.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:113536	P	tomcat-9.0.36-8.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:5922	P	Security update for openexr (Moderate)	2021-12-01
oval:org.opensuse.security:def:106932	P	tomcat-9.0.36-8.4 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:2329	P	tomcat-9.0.36-3.24.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101419	P	tomcat-9.0.36-3.24.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63418	P	tomcat-9.0.36-3.24.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:102183	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:110675	P	Security update for tomcat (Moderate)	2021-01-16
oval:org.opensuse.security:def:111274	P	Security update for tomcat (Moderate)	2021-01-11
oval:org.opensuse.security:def:10189	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:94208	P	(Moderate)	2021-01-07
oval:org.opensuse.security:def:102826	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:104855	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:97206	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:69260	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:98165	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:91823	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:66493	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:75561	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:94419	P	(Moderate)	2021-01-07
oval:org.opensuse.security:def:5404	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:100696	P	(Moderate)	2021-01-07
oval:org.opensuse.security:def:108849	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:97207	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:69575	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:8688	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:93782	P	(Moderate)	2021-01-07
oval:org.opensuse.security:def:98773	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:95470	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:67011	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:76079	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:109492	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:97208	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:70329	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:9435	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:93997	P	(Moderate)	2021-01-07
oval:org.opensuse.security:def:96136	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:69231	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:118588	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:91200	P	Security update for tomcat (Moderate)	2021-01-07
oval:org.opensuse.security:def:88190	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:59539	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:125603	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:33716	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:88506	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:59797	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:126770	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:33974	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:89194	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:60360	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:127167	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:34537	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:23970	P	Security update for tomcat (Moderate)	2021-01-05
oval:org.opensuse.security:def:89452	P	Security update for tomcat (Moderate)	2021-01-05