Lucene search

PRIOn knowledge basePRION:CVE-2020-17527

HistoryDec 03, 2020 - 7:15 p.m.

Cross site request forgery (csrf)

2020-12-0319:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

CPENameOperatorVersion
tomcateq9.0.0 milestone10
tomcateq9.0.0 milestone11
tomcateq9.0.0 milestone12
tomcateq9.0.0 milestone13
tomcateq9.0.0 milestone14
tomcateq9.0.0 milestone15
tomcateq9.0.0 milestone16
tomcateq9.0.0 milestone17
tomcateq9.0.0 milestone18
tomcateq9.0.0 milestone19

Name	Operator	Version
tomcat	eq	9.0.0 milestone10
tomcat	eq	9.0.0 milestone11
tomcat	eq	9.0.0 milestone12
tomcat	eq	9.0.0 milestone13
tomcat	eq	9.0.0 milestone14
tomcat	eq	9.0.0 milestone15
tomcat	eq	9.0.0 milestone16
tomcat	eq	9.0.0 milestone17
tomcat	eq	9.0.0 milestone18
tomcat	eq	9.0.0 milestone19

Rows per page:

1-10 of 571

References

www.openwall.com/lists/oss-security/2020/12/03/3

lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784%40%3Ccommits.tomee.apache.org%3E

lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20%40%3Ccommits.tomee.apache.org%3E

lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa%40%3Ccommits.tomee.apache.org%3E

lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee%40%3Cissues.guacamole.apache.org%3E

lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d%40%3Cannounce.tomcat.apache.org%3E

lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce%40%3Cissues.guacamole.apache.org%3E

lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1%40%3Cusers.tomcat.apache.org%3E

lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca%40%3Cusers.tomcat.apache.org%3E

lists.debian.org/debian-lts-announce/2020/12/msg00022.html

security.gentoo.org/glsa/202012-23

security.netapp.com/advisory/ntap-20201210-0003/

www.debian.org/security/2021/dsa-4835

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html