CVE-2020-17527 log

Severity Medium
Remote Yes
Type Information disclosure
It was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
Group Package Affected Fixed Severity Status Ticket
AVG-1317 tomcat9 9.0.39-2 9.0.40-1 Medium Fixed
AVG-1316 tomcat8 8.5.59-2 8.5.60-1 Medium Fixed
Date Advisory Group Package Severity Type
05 Dec 2020 ASA-202012-4 AVG-1316 tomcat8 Medium information disclosure
05 Dec 2020 ASA-202012-3 AVG-1317 tomcat9 Medium information disclosure