Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-13943
Summary
If an HTTP/2 client connecting to an affected Apache Tomcat version exceeded the agreed maximum number of concurrent streams for a connection (a violation of the HTTP/2 protocol), a subsequent request on that connection could be processed with HTTP headers, including HTTP/2 pseudo headers such as :path, carried over from a previous request rather than the headers it actually sent. This could lead to users seeing responses for unexpected resources. Only connectors that enable Tomcat's HTTP/2 upgrade protocol can be reached this way; an HTTP/1.1-only connector never negotiates HTTP/2 and is not affected. This issue affects org.apache.tomcat:tomcat-coyote & org.apache.tomcat.embed:tomcat-embed-core versions 8.5.0 through 8.5.57, 9.0.0.M1 through 9.0.37, and 10.0.0-M1 through 10.0.0-M7 and org.apache.tomcat.experimental:tomcat-embed-programmatic version 9.0.38-dev. The fix shipped in Apache Tomcat 8.5.58, 9.0.38 and 10.0.0-M8.
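The practical question behind the summary is whether a given deployment is exposed, which needs two facts: the build is in an affected window, and HTTP/2 is actually enabled on a connector. The following check is an added example and not Apache Tomcat project code. The affected windows come from the advisory text above; the first fixed builds (8.5.58, 9.0.38, 10.0.0-M8) are from the Apache Tomcat security announcements; the sort order chosen for milestone and "-dev" builds and the sample server.xml are assumptions made for the example.

```python
"""Added example (not Apache Tomcat project code): decide whether a Tomcat
instance is exposed to CVE-2020-13943 by checking the two things the advisory
makes relevant: the build falls in an affected version window, and at least one
Connector enables HTTP/2 through the UpgradeProtocol element."""
import re
import xml.etree.ElementTree as ET

# Per release line: first affected build (from the advisory) and first fixed
# build (from the Apache Tomcat security announcements: 8.5.58, 9.0.38, 10.0.0-M8).
# A build is affected when  first_affected <= version < first_fixed.
BRANCHES = {
    (8, 5): ("8.5.0", "8.5.58"),
    (9, 0): ("9.0.0.M1", "9.0.38"),
    (10, 0): ("10.0.0-M1", "10.0.0-M8"),
}

# Tomcat enables its HTTP/2 implementation per Connector with this class name.
HTTP2_UPGRADE_CLASS = "org.apache.coyote.http2.Http2Protocol"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+)|(-dev))?$")


def parse_version(text):
    """Map '8.5.57', '9.0.0.M1', '10.0.0-M7' or '9.0.38-dev' to a sortable tuple.

    Ordering assumption (the example's, not Tomcat's): for one x.y.z number,
    milestones (M1 < M2 < ...) < '-dev' snapshot < released build, which is why
    the advisory's 9.0.38-dev counts as older than the 9.0.38 fix.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {text!r}")
    major, minor, patch, milestone, dev = m.groups()
    if milestone is not None:
        stage = (0, int(milestone))
    elif dev is not None:
        stage = (1, 0)
    else:
        stage = (2, 0)
    return (int(major), int(minor), int(patch)) + stage


def fixed_version_for(version):
    """First fixed build on this version's release line, or None when the line
    is not named in the advisory at all (for example 8.0.x or 7.0.x)."""
    window = BRANCHES.get(parse_version(version)[:2])
    return window[1] if window else None


def is_affected(version):
    v = parse_version(version)
    window = BRANCHES.get(v[:2])
    if window is None:
        return False
    first_affected, first_fixed = (parse_version(s) for s in window)
    return first_affected <= v < first_fixed


def http2_connector_ports(server_xml):
    """Ports of Connectors that declare the HTTP/2 UpgradeProtocol. A Connector
    without it only speaks HTTP/1.1 and cannot reach this bug."""
    root = ET.fromstring(server_xml)
    ports = []
    for connector in root.iter("Connector"):
        for upgrade in connector.findall("UpgradeProtocol"):
            if upgrade.get("className") == HTTP2_UPGRADE_CLASS:
                ports.append(connector.get("port"))
    return ports


def assess(version, server_xml):
    """Combine both checks into one verdict for a deployment."""
    affected = is_affected(version)
    ports = http2_connector_ports(server_xml)
    return {
        "affected_version": affected,
        "http2_ports": ports,
        "exposed": affected and bool(ports),
        "upgrade_to": fixed_version_for(version) if affected else None,
    }


# Constructed sample server.xml: one plain HTTP/1.1 connector and one TLS
# connector with HTTP/2 enabled, the shape the Tomcat documentation shows.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
    </Connector>
  </Service>
</Server>
"""

if __name__ == "__main__":
    for ver in ("8.5.57", "9.0.37", "9.0.38", "9.0.38-dev", "10.0.0-M7", "10.0.0-M8"):
        print(ver, assess(ver, SAMPLE_SERVER_XML))
```

Run it against the version reported by `catalina.sh version` (or the tomcat-embed-core artifact version in the build) and the live server.xml; a deployment that is in the affected window but has no HTTP/2 connector still wants the upgrade, it just is not reachable through this particular bug.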
- Attack complexity: LOW
- Attack vector: NETWORK
- Privileges required: NONE
- Scope: UNCHANGED
- User interaction: NONE
- Confidentiality: LOW
- Integrity: LOW
- Availability: NONE
CWE-200 - Information Exposure
An information exposure vulnerability is categorized as an information flow (IF) weakness: it can allow an unauthorized actor to read information the application was meant to protect, such as confidential personal information (demographics, financials, health records, etc.), business secrets, or details of the application's internal environment. In this CVE the exposed data is the header set of a previous request on the same HTTP/2 connection, which can include cookies, Authorization headers and the :path of the resource requested. Where an intermediary multiplexes several clients onto one HTTP/2 connection to Tomcat, those headers can belong to a different user.
References
Advisory Timeline
- Published