CRLF Injection Vulnerability in Tornado by Tornado Software
CVE-2012-2374

Currently unrated

Key Information:

Vendor

Tornadoweb

Status
Tornado
Vendor
CVE Published:
23 May 2012

What is CVE-2012-2374?

A CRLF injection vulnerability exists in the tornado.web.RequestHandler.set_header function in Tornado versions before 2.2.1. This flaw allows remote attackers to inject arbitrary HTTP headers, which can lead to HTTP response splitting attacks. By crafting malicious input, attackers can manipulate the server's response behavior, potentially compromising the integrity of web interactions and allowing for further exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/53612
vdb-entryx_refsource_BID
http://www.tornadoweb.org/documentation/releases/v2.2.1.html
x_refsource_CONFIRM
http://secunia.com/advisories/49185
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.