CRLF Injection Vulnerability in Tornado by Tornado Software
CVE-2012-2374

Currently unrated

Key Information:

Vendor

Tornadoweb

Status
Vendor
CVE Published:
23 May 2012

What is CVE-2012-2374?

A CRLF injection vulnerability exists in the tornado.web.RequestHandler.set_header function in Tornado versions before 2.2.1. This flaw allows remote attackers to inject arbitrary HTTP headers, which can lead to HTTP response splitting attacks. By crafting malicious input, attackers can manipulate the server's response behavior, potentially compromising the integrity of web interactions and allowing for further exploits.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.