{
    "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2020-17527",
        "STATE": "PUBLIC",
        "TITLE": "Apache Tomcat: Request header mix-up between HTTP/2 streams"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache Tomcat",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_name": "Apache Tomcat 10",
                                            "version_value": "10.0.0-M1 to 10.0.0-M9"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_name": "Apache Tomcat 9",
                                            "version_value": "9.0.0-M1 to 9.0.39"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_name": "Apache Tomcat 8.5",
                                            "version_value": "8.5.0 to 8.5.59"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Apache Software Foundation"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {},
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-200 Information Exposure"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E",
                "name": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up",
                "url": "https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20201203 svn commit: r1884073 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
                "url": "https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[announce] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up",
                "url": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-users] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up",
                "url": "https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-announce] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up",
                "url": "https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[oss-security] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up",
                "url": "http://www.openwall.com/lists/oss-security/2020/12/03/3"
            },
            {
                "refsource": "MLIST",
                "name": "[guacamole-issues] 20201206 [jira] [Created] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527",
                "url": "https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240b7e20f09b092cce@%3Cissues.guacamole.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[guacamole-issues] 20201206 [jira] [Commented] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527",
                "url": "https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f98198b4a9726190d7ee@%3Cissues.guacamole.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomee-commits] 20201207 [jira] [Created] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.",
                "url": "https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d3398d963c2fff3abfa@%3Ccommits.tomee.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomee-commits] 20201207 [jira] [Assigned] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.",
                "url": "https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce314371e235ff1784@%3Ccommits.tomee.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20201216 [SECURITY] [DLA 2495-1] tomcat8 security update",
                "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html"
            },
            {
                "refsource": "GENTOO",
                "name": "GLSA-202012-23",
                "url": "https://security.gentoo.org/glsa/202012-23"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20210114 svn commit: r1885488 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
                "url": "https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d86e5e740258c8937@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[announce] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up",
                "url": "https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up",
                "url": "https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e1465a5efafd16b99ed@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-announce] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up",
                "url": "https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab63a6c64df5c010d@%3Cannounce.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-users] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up",
                "url": "https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c5104314b4038f697e1@%3Cusers.tomcat.apache.org%3E"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-4835",
                "url": "https://www.debian.org/security/2021/dsa-4835"
            },
            {
                "refsource": "MLIST",
                "name": "[tomee-commits] 20210319 [jira] [Updated] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.",
                "url": "https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1971783c6e5f9b20@%3Ccommits.tomee.apache.org%3E"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20201210-0003/",
                "url": "https://security.netapp.com/advisory/ntap-20201210-0003/"
            },
            {
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
}