Lucene search
ApacheCVELIST:CVE-2020-17527HistoryDec 03, 2020 - 6:30 p.m.
CVE-2020-17527 Apache Tomcat: Request header mix-up between HTTP/2 streams
2020-12-0318:30:14
CWE-200
apache
raw.githubusercontent.com
1
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
Related
nessus
nessus
openSUSE Security Update : tomcat (openSUSE-2021-81)
2021-01-25 00:00:00
GLSA-202012-23 : Apache Tomcat: Information disclosure
2020-12-28 00:00:00
Debian DLA-2495-1 : tomcat8 security update
2020-12-17 00:00:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-02-09 22:58:06
tomcat8 - security update
2020-12-16 00:00:00
BIT-tomcat-2020-17527
2024-03-06 11:11:37
openvas
openvas
Apache Tomcat HTTP/2 Vulnerability (Dec 2020) - Windows
2020-12-04 00:00:00
Mageia: Security Advisory (MGASA-2021-0020)
2022-01-28 00:00:00
openSUSE: Security Advisory for tomcat (openSUSE-SU-2021:0043-1)
2021-04-16 00:00:00
amazon
amazon
Medium: tomcat8
2020-12-16 20:52:00
Medium: tomcat8
2021-01-12 22:52:00
ibm
ibm
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-02-09 22:58:06
mageia
mageia
Updated tomcat packages fix security vulnerability
2021-01-10 22:46:12
ubuntucve
ubuntucve
CVE-2020-17527
2020-12-03 00:00:00
cisa
cisa
Apache Releases Security Advisory for Apache Tomcat
2020-12-04 00:00:00
debian
debian
[SECURITY] [DLA 2495-1] tomcat8 security update
2020-12-16 17:29:02
[SECURITY] [DSA 4835-1] tomcat9 security update
2021-01-22 18:48:45
suse
suse
Security update for tomcat (moderate)
2021-01-16 00:00:00
Security update for tomcat (moderate)
2021-01-11 00:00:00
debiancve
debiancve
CVE-2020-17527
2020-12-03 19:15:00
veracode
veracode
Denial Of Service (DoS)
2020-12-04 02:58:16
redhatcve
redhatcve
CVE-2020-17527
2020-12-03 21:23:17
prion
prion
Cross site request forgery (csrf)
2020-12-03 19:15:00
f5
f5
K44415301 : Apache Tomcat vulnerability CVE-2020-17527
2020-12-31 00:00:00
archlinux
archlinux
[ASA-202012-3] tomcat9: information disclosure
2020-12-05 00:00:00
[ASA-202012-4] tomcat8: information disclosure
2020-12-05 00:00:00
cve
cve
CVE-2020-17527
2020-12-03 19:15:00
gentoo
gentoo
Apache Tomcat: Information disclosure
2020-12-24 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
2024-06-01 15:23:42
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
2024-06-01 15:23:42
photon
photon
Important Photon OS Security Update - PHSA-2020-0180
2020-12-17 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0350
2020-12-19 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0180
2020-12-17 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.5.60
2020-11-17 00:00:00
Fixed in Apache Tomcat 10.0.0-M10
2020-11-17 00:00:00
Fixed in Apache Tomcat 9.0.40
2020-11-17 00:00:00
redhat
redhat
(RHSA-2021:0495) Moderate: Red Hat JBoss Web Server 5.4.1 Security Update
2021-02-11 13:46:15
(RHSA-2021:0494) Moderate: Red Hat JBoss Web Server 5.4.1 Security Update
2021-02-11 13:39:58
kaspersky
kaspersky
KLA12087 Multiple vulnerabilities in Apache Tomcat
2020-11-17 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2022-03-31 00:00:00
symantec
symantec
Apache Tomcat Vulnerabilities May 2020 - Mar 2021
2021-03-16 19:59:07
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00