MGASA-2021-0020
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 10 Jan 2021, 19:46
Last modified:16 Apr 2026, 04:25
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
10 Jan 2021, 19:46
Published
Vulnerability first disclosed
16 Apr 2026, 04:25
Last Modified
Vulnerability information updated
Description
Updated tomcat packages fix security vulnerability While investigating Apache issue 64830 it was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests (CVE-2020-17527). The tomcat package has been updated to version 9.0.39, and patched to fix this issue.
Affected Systems
- mageia•tomcat
< 9.0.39-1.mga7