CVE-2020-17527
Published at:
-
03-12-2020 08:15
Last modified:
-
12-05-2022 04:47
Total changes:
-
13
Description
Common Vulnerability Scoring System (CVSS)
Low
Attack complexity
Network
Attack vector
None
Availability
High
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.5
Base score
3.9
3.6
Exploitability score
Impact score
Verification logic
Reference
- https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E
- [tomcat-announce] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up-Mailing List, Vendor Advisory
- [announce] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up-Mailing List, Vendor Advisory
- [tomcat-dev] 20201203 svn commit: r1884073 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.html xdocs/security-8.html xdocs/security-9.html-Mailing List, Vendor Advisory
- [tomcat-users] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up-Mailing List, Vendor Advisory
- [tomcat-dev] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up-Mailing List, Vendor Advisory
- [oss-security] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up-Mailing List, Third Party Advisory
- [guacamole-issues] 20201206 [jira] [Created] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527-Mailing List, Vendor Advisory
- [guacamole-issues] 20201206 [jira] [Commented] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527-Mailing List, Vendor Advisory
- [tomee-commits] 20201207 [jira] [Created] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.-Mailing List, Vendor Advisory
- [tomee-commits] 20201207 [jira] [Assigned] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.-Mailing List, Vendor Advisory
- https://security.netapp.com/advisory/ntap-20201210-0003/
- [debian-lts-announce] 20201216 [SECURITY] [DLA 2495-1] tomcat8 security update-Mailing List, Third Party Advisory
- GLSA-202012-23-Third Party Advisory
- [tomcat-dev] 20210114 svn commit: r1885488 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.html xdocs/security-7.html xdocs/security-8.html xdocs/security-9.html-Mailing List, Vendor Advisory
- [announce] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up-Mailing List, Vendor Advisory
- [tomcat-users] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up-Mailing List, Vendor Advisory
- [tomcat-announce] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up-Mailing List, Vendor Advisory
- [tomcat-dev] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up-Mailing List, Vendor Advisory
- DSA-4835-Third Party Advisory
- [tomee-commits] 20210319 [jira] [Updated] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.-Mailing List, Vendor Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.html
- N/A-Patch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Keywords