Cross-Site Request Forgery Vulnerability in Tornado Framework by Tornado Web
CVE-2014-9720
6.5MEDIUM
What is CVE-2014-9720?
The Tornado web framework prior to version 3.2.2 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability allows attackers to potentially exploit fixed CSRF tokens in responses. By utilizing HTTP compression, a remote attacker may perform a BREACH attack, enabling them to send meticulously crafted requests that can lead to the compromise of sensitive token data.
