HIGH 7.5 PyPI
Tornado CRLF injection vulnerability
GHSA-f7fv-v9rh-prvc · CVE-2012-2374 · PYSEC-2012-5
Published · Modified
Description
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-2374
- WEB https://github.com/tornadoweb/tornado/commit/1ae91f6d58e6257e0ab49d295d8741ce1727bdb7
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2012-5.yaml
- PACKAGE https://github.com/tornadoweb/tornado
- WEB https://web.archive.org/web/20140720192646/http://secunia.com/advisories/49185
- WEB https://web.archive.org/web/20200229124524/http://www.securityfocus.com/bid/53612
- WEB http://openwall.com/lists/oss-security/2012/05/18/12
- WEB http://www.openwall.com/lists/oss-security/2012/05/18/6
- WEB http://www.tornadoweb.org/documentation/releases/v2.2.1.html
Ready to move
Start Securing
Free, no credit card | First findings in minutes