[<prev] [next>] [day] [month] [year] [list]
Message-ID: <c5bf3041-13a2-fa1a-b8b2-d70fcbdb24c1@apache.org>
Date: Thu, 3 Dec 2020 18:07:07 +0000
From: Mark Thomas <markt@...che.org>
To: oss-security@...ts.openwall.com
Subject: [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up
CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M9
Apache Tomcat 9.0.0.M5 to 9.0.39
Apache Tomcat 8.5.1 to 8.5.59
Description:
While investigating Bug 64830 it was discovered that Apache Tomcat could
re-use an HTTP request header value from the previous stream received
on an HTTP/2 connection for the request associated with the subsequent
stream. While this would most likely lead to an error and the closure of
the HTTP/2 connection, it is possible that information could leak
between requests.
Mitigation:
- Upgrade to Apache Tomcat 10.0.0-M10 or later
- Upgrade to Apache Tomcat 9.0.40 or later
- Upgrade to Apache Tomcat 8.5.60 or later
Credit:
This issue was identified by the Apache Tomcat Security Team.
References:
[1] http://tomcat.apache.org/security-10.html
[2] http://tomcat.apache.org/security-9.html
[3] http://tomcat.apache.org/security-8.html
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
