CRLF Injection Vulnerability in Tornado by Tornado Software
CVE-2012-2374
Currently unrated
What is CVE-2012-2374?
A CRLF injection vulnerability exists in the tornado.web.RequestHandler.set_header function in Tornado versions before 2.2.1. This flaw allows remote attackers to inject arbitrary HTTP headers, which can lead to HTTP response splitting attacks. By crafting malicious input, attackers can manipulate the server's response behavior, potentially compromising the integrity of web interactions and allowing for further exploits.
