Vulnerabilities related to tornadoweb - Tornado
Vulnerability from fkie_nvd
Published
2020-01-24 18:15
Modified
2024-11-21 02:21
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.3 (Medium) - AV:N/AC:M/Au:N/C:P/I:N/A:N (CVSS 2.0)
Summary
Tornado before 3.2.2 embeds the same fixed CSRF token in its responses, including responses sent with HTTP compression, which makes it easier for remote attackers to recover the token with a BREACH attack via a series of crafted requests.
References
Impacted products
Vendor | Product | Version
---|---|---
tornadoweb | tornado | * (all versions before 3.2.2)
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*", matchCriteriaId: "E20BDD81-6AC3-41B3-80E5-1BFE2E7B895A", versionEndExcluding: "3.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.", }, { lang: "es", value: "Tornado versiones anteriores a 3.2.2, envía respuestas arbitrarias que contienen un token de tipo CSRF fijo y pueden ser enviadas con compresión HTTP, lo que facilita a atacantes remotos conducir un ataque de tipo BREACH y determinar este token por medio de una serie de peticiones diseñadas.", }, ], id: "CVE-2014-9720", lastModified: "2024-11-21T02:21:31.390", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-24T18:15:12.053", references: [ { source: 
"cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2015/05/19/4", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=930362", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://openwall.com/lists/oss-security/2015/05/19/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=930362", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-25 10:15
Modified
2025-01-16 16:15
Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.
References
Impacted products
Vendor | Product | Version
---|---|---
tornadoweb | tornado | * (all versions before 6.3.2)
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*", matchCriteriaId: "559AF33E-B4AB-43D5-B038-243276BF7DB6", versionEndExcluding: "6.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.", }, ], id: "CVE-2023-28370", lastModified: "2025-01-16T16:15:28.637", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-25T10:15:09.750", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Product", ], url: "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2", }, { source: "vultures@jpcert.or.jp", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45127776/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://jvn.jp/en/jp/JVN45127776/", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-601", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2012-05-23 20:55
Modified
2025-04-11 00:51
Severity
5.0 (Medium) - AV:N/AC:L/Au:N/C:N/I:P/A:N (CVSS 2.0)
Summary
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
References
Impacted products
Vendor | Product | Version
---|---|---
tornadoweb | tornado | * (up to and including 2.2)
tornadoweb | tornado | 1.0
tornadoweb | tornado | 1.0.1
tornadoweb | tornado | 1.1
tornadoweb | tornado | 1.1.1
tornadoweb | tornado | 1.2
tornadoweb | tornado | 1.2.1
tornadoweb | tornado | 2.0
tornadoweb | tornado | 2.1
tornadoweb | tornado | 2.1.1
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*", matchCriteriaId: "AA18C686-5389-4050-BE12-41AE19D8B25D", versionEndIncluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:a:tornadoweb:tornado:1.0:*:*:*:*:*:*:*", matchCriteriaId: "D0FC9BB6-C8DF-4005-A0C1-3033EEEAFF27", vulnerable: true, }, { criteria: "cpe:2.3:a:tornadoweb:tornado:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5B65FFB4-E9D9-4A77-90C7-05546A42CA49", vulnerable: true, }, { criteria: "cpe:2.3:a:tornadoweb:tornado:1.1:*:*:*:*:*:*:*", matchCriteriaId: "D9E2D090-CFE4-4FE8-A4B8-0E4EB82B5067", vulnerable: true, }, { criteria: "cpe:2.3:a:tornadoweb:tornado:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "3CD5BA96-6C01-4AE0-8D48-0FE573F0532E", vulnerable: true, }, { criteria: "cpe:2.3:a:tornadoweb:tornado:1.2:*:*:*:*:*:*:*", matchCriteriaId: "875E3381-86DE-49FA-86B7-62D0BE0D64B8", vulnerable: true, }, { criteria: "cpe:2.3:a:tornadoweb:tornado:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "28DADA61-8062-4365-9F2F-6E390B468633", vulnerable: true, }, { criteria: "cpe:2.3:a:tornadoweb:tornado:2.0:*:*:*:*:*:*:*", matchCriteriaId: "581CB4AF-DB1E-420B-849A-856CCAA17482", vulnerable: true, }, { criteria: "cpe:2.3:a:tornadoweb:tornado:2.1:*:*:*:*:*:*:*", matchCriteriaId: "0DDBDE04-1A0B-4FBC-AD93-6B4FACA8C75B", vulnerable: true, }, { criteria: "cpe:2.3:a:tornadoweb:tornado:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BD4083C9-1710-4AFC-BFC4-88AF97056334", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.", }, { lang: "es", value: "La vulnerabilidad de inyección CRLF en la función tornado.web.RequestHandler.set_header en Tornado anterior a v2.2.1 permite a atacantes remotos inyectar cabeceras HTTP 
arbitrarias y llevar a cabo ataques de división de respuesta HTTP mediante una entrada manipulada.", }, ], id: "CVE-2012-2374", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-05-23T20:55:01.727", references: [ { source: "secalert@redhat.com", url: "http://openwall.com/lists/oss-security/2012/05/18/12", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/49185", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/05/18/6", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/53612", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.tornadoweb.org/documentation/releases/v2.2.1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2012/05/18/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/49185", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/05/18/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/53612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.tornadoweb.org/documentation/releases/v2.2.1.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: 
"Primary", }, ], }
cve-2024-52804
Vulnerability from cvelistv5
Published
2024-11-22 15:43
Modified
2024-11-25 17:55
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
References
URL | Tags
---|---
https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c | x_refsource_CONFIRM
https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533 | x_refsource_MISC
https://github.com/advisories/GHSA-7pwv-g7hj-39pr | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
tornadoweb | tornado | < 6.4.2
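The CVE-2024-52804 description above gives the shape of the bug, quadratic-time cookie parsing on the event-loop thread, without naming the code path; the linked commit is the authoritative fix. The Python below is an added illustration, not Tornado's parser or its patch: a constructed parser that exhibits the quadratic pattern (recomputing quote state for every separator) next to a single-pass version, and a work-count check that shows how an attacker-built header separates the two. The cookie grammar handled here is deliberately minimal, and all function names are this example's own.

```python
from typing import Callable, Dict, Tuple


def _store(cookies: Dict[str, str], chunk: str) -> None:
    """Record one 'name=value' pair; quotes around the value are dropped."""
    chunk = chunk.strip()
    if not chunk:
        return
    name, sep, value = chunk.partition("=")
    if sep:
        cookies[name.strip()] = value.strip().strip('"')


def parse_cookie_quadratic(header: str) -> Tuple[Dict[str, str], int]:
    """Constructed quadratic parser (not Tornado's code).  It splits on ';'
    but decides whether a ';' sits inside a quoted value by re-counting the
    quotes in everything before it, so separator number i costs O(i) and a
    header with n separators costs O(n^2).  Returns (cookies, work done)."""
    cookies: Dict[str, str] = {}
    work = 0
    start = 0
    for i, ch in enumerate(header):
        if ch == ";":
            work += i                          # cost of re-scanning header[:i]
            if header[:i].count('"') % 2 == 0:  # even quotes: separator is real
                _store(cookies, header[start:i])
                start = i + 1
    _store(cookies, header[start:])
    return cookies, work


def parse_cookie_linear(header: str) -> Tuple[Dict[str, str], int]:
    """Single pass: the quote state is carried along instead of recomputed,
    so the cost is O(n) no matter how the header is shaped."""
    cookies: Dict[str, str] = {}
    work = 0
    start = 0
    in_quotes = False
    for i, ch in enumerate(header):
        work += 1
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            _store(cookies, header[start:i])
            start = i + 1
    _store(cookies, header[start:])
    return cookies, work


def hostile_cookie_header(n: int) -> str:
    """Constructed attacker input: an unterminated quote followed by n
    separators.  Every ';' looks 'quoted', so the quadratic parser re-scans
    the whole prefix for each one."""
    return 'a="' + ";" * n


def growth_ratio(parser: Callable[[str], Tuple[Dict[str, str], int]], n: int) -> float:
    """Regression check: work(2n) / work(n).  About 2 means linear, about 4
    means quadratic."""
    return parser(hostile_cookie_header(2 * n))[1] / parser(hostile_cookie_header(n))[1]


if __name__ == "__main__":
    normal = 'session=abc; theme="dark; mode"; x=1'
    print(parse_cookie_linear(normal)[0])
    print("quadratic growth:", round(growth_ratio(parse_cookie_quadratic, 1000), 2))
    print("linear growth:   ", round(growth_ratio(parse_cookie_linear, 1000), 2))
```

The growth ratio is the regression test worth keeping: a parser whose work doubles when the input doubles is safe to run on the event loop, one whose work quadruples is a denial of service waiting for a large Cookie header. A header-size cap is defence in depth, not a fix: Tornado's HTTPServer `max_header_size` setting bounds the input, but quadratic work on a header of that size still stalls every other connection served by the same loop.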
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tornado", vendor: "tornadoweb", versions: [ { lessThan: "6.4.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-52804", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T17:54:41.084248Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-25T17:55:43.782Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tornado", vendor: "tornadoweb", versions: [ { status: "affected", version: "< 6.4.2", }, ], }, ], descriptions: [ { lang: "en", value: "Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. 
Version 6.4.2 fixes the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-22T15:43:38.572Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c", }, { name: "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533", tags: [ "x_refsource_MISC", ], url: "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533", }, { name: "https://github.com/advisories/GHSA-7pwv-g7hj-39pr", tags: [ "x_refsource_MISC", ], url: "https://github.com/advisories/GHSA-7pwv-g7hj-39pr", }, ], source: { advisory: "GHSA-8w49-h785-mj3c", discovery: "UNKNOWN", }, title: "Tornado has HTTP cookie parsing DoS vulnerability", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-52804", datePublished: "2024-11-22T15:43:38.572Z", dateReserved: "2024-11-15T17:11:13.441Z", dateUpdated: "2024-11-25T17:55:43.782Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-9720
Vulnerability from cvelistv5
Published
2020-01-24 17:03
Modified
2024-08-06 13:55
Severity
no CVSS metrics in this record (the NVD entry above scores it 6.5 Medium)
Summary
Tornado before 3.2.2 embeds the same fixed CSRF token in its responses, including responses sent with HTTP compression, which makes it easier for remote attackers to recover the token with a BREACH attack via a series of crafted requests.
References
URL | Tags
---|---
http://www.tornadoweb.org/en/stable/releases/v3.2.2.html | x_refsource_MISC
https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308 | x_refsource_MISC
https://bugzilla.novell.com/show_bug.cgi?id=930362 | x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1222816 | x_refsource_MISC
http://openwall.com/lists/oss-security/2015/05/19/4 | x_refsource_MISC
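The CVE-2014-9720 description (given in both the NVD and CVE-list entries above) names the two ingredients of BREACH: a secret that appears unchanged in every response, and a DEFLATE-compressed body whose length then depends on how much attacker-reflected text matches that secret. The Python below is an added illustration, not Tornado's code: it measures the length oracle against a constructed page, then applies the countermeasure the 3.2.2 release notes linked above describe, encoding the token with a fresh random mask on every response, and shows the oracle collapsing. The token value, the page layout, the `2|mask|masked` field layout and the function names are all this example's own, not Tornado's exact encoding.

```python
import secrets
import zlib
from typing import Optional


def compressed_len(body: bytes) -> int:
    """Size of the DEFLATE body a server with HTTP compression would send."""
    return len(zlib.compress(body, 6))


def render_page(token_field: str, reflected: str) -> bytes:
    # Constructed response: a hidden CSRF field plus a string the attacker
    # controls and the server echoes back (a search term, an error message...).
    html = (
        '<form method="post">\n'
        f'<input type="hidden" name="_xsrf" value="{token_field}">\n'
        "</form>\n"
        f'<p>No results for "{reflected}"</p>\n'
    )
    return html.encode()


def length_oracle_advantage(token_field: str, secret: bytes, wrong: bytes) -> int:
    """Bytes saved in the compressed page when the attacker's reflected guess
    equals the secret, compared with an equally long wrong guess.  A clearly
    positive number is the BREACH signal: response size (visible as TLS
    record length) tells the attacker which guess was right."""
    hit = compressed_len(render_page(token_field, 'value="' + secret.hex()))
    miss = compressed_len(render_page(token_field, 'value="' + wrong.hex()))
    return miss - hit


def mask_token(secret: bytes, mask: bytes) -> str:
    """Per-response masking: the page carries mask || (secret XOR mask), so the
    secret bytes never appear verbatim and the field differs on every response."""
    if len(mask) != len(secret):
        raise ValueError("mask must be as long as the secret")
    masked = bytes(a ^ b for a, b in zip(secret, mask))
    return f"2|{mask.hex()}|{masked.hex()}"


def unmask_token(field: str) -> bytes:
    """Server side: recover the secret so a masked field still validates."""
    version, mask_hex, masked_hex = field.split("|")
    if version != "2":
        raise ValueError("unexpected token version")
    mask, masked = bytes.fromhex(mask_hex), bytes.fromhex(masked_hex)
    return bytes(a ^ b for a, b in zip(masked, mask))


# Constructed values: a 16-byte session token, one wrong guess of the same
# length, and a fixed mask used only to make the demonstration repeatable.
SECRET = bytes.fromhex("4f9a1c7e2b3d5a6f8e0c1b2a3d4e5f60")
WRONG = bytes.fromhex("d2c4b6a8f0e1d3c5b7a9f1e2d4c6b8a0")
FIXED_MASK = bytes(range(16))


def unmasked_advantage() -> int:
    """Vulnerable layout: the same hex token string sits in every compressed response."""
    return length_oracle_advantage(SECRET.hex(), SECRET, WRONG)


def masked_advantage(mask: Optional[bytes] = None) -> int:
    """Fixed layout: a fresh mask per response reduces the oracle to noise."""
    mask = mask if mask is not None else secrets.token_bytes(len(SECRET))
    return length_oracle_advantage(mask_token(SECRET, mask), SECRET, WRONG)


if __name__ == "__main__":
    print("unmasked advantage (bytes):", unmasked_advantage())
    print("masked advantage (bytes):  ", masked_advantage())
```

The real attack does not compare whole tokens as `length_oracle_advantage` does; it extends a guess one character at a time and uses extra tricks to get past DEFLATE's byte granularity, but the signal it relies on is exactly the one measured here. Note that the fix does not remove the token from the page; it removes the repetition, because the verifier unmasks before comparing (`unmask_token`) while the compressor only ever sees bytes that change with every response.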
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:55:04.572Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=930362", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2015/05/19/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-06-03T00:00:00", descriptions: [ { lang: "en", value: "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-24T17:03:38", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=930362", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", }, { tags: [ "x_refsource_MISC", ], url: 
"http://openwall.com/lists/oss-security/2015/05/19/4", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-9720", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", refsource: "MISC", url: "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", }, { name: "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", refsource: "MISC", url: "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", }, { name: "https://bugzilla.novell.com/show_bug.cgi?id=930362", refsource: "MISC", url: "https://bugzilla.novell.com/show_bug.cgi?id=930362", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", }, { name: "http://openwall.com/lists/oss-security/2015/05/19/4", refsource: "MISC", url: "http://openwall.com/lists/oss-security/2015/05/19/4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-9720", datePublished: "2020-01-24T17:03:38", dateReserved: "2015-05-19T00:00:00", dateUpdated: "2024-08-06T13:55:04.572Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2374
Vulnerability from cvelistv5
Published
2012-05-23 20:00
Modified
2024-08-06 19:34
Severity
no CVSS metrics in this record (the NVD entry above scores it 5.0 Medium, CVSS 2.0)
Summary
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/53612 | vdb-entry, x_refsource_BID
http://www.tornadoweb.org/documentation/releases/v2.2.1.html | x_refsource_CONFIRM
http://secunia.com/advisories/49185 | third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2012/05/18/6 | mailing-list, x_refsource_MLIST
http://openwall.com/lists/oss-security/2012/05/18/12 | mailing-list, x_refsource_MLIST
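The CVE-2012-2374 description (in both the NVD and CVE-list entries above) locates the bug in `tornado.web.RequestHandler.set_header`: a value containing CR/LF reached the wire unchanged, so anything a handler copied from the request into a header could end that header and start another. The Python below is an added example, not Tornado's code: a minimal response writer that behaves like the pre-2.2.1 `set_header` (value stored verbatim) next to one that applies the kind of check the 2.2.1 fix introduced, refusing control characters before the header is written. The `next`-style redirect target, the injected `Set-Cookie` line and the class and function names are constructed for the example.

```python
import re

# Control characters (CR and LF included) have no place in a header name or
# value; refusing them at set_header() time is the approach the 2.2.1 fix took.
_INVALID_HEADER_CHAR_RE = re.compile(r"[\x00-\x1f]")


class MinimalResponse:
    """Just enough of a response object to show where the injection lands.
    Constructed for this example; not tornado.web.RequestHandler."""

    def __init__(self, validate: bool) -> None:
        self._validate = validate
        self._headers = {}

    def set_header(self, name: str, value: str) -> None:
        if self._validate and (
            _INVALID_HEADER_CHAR_RE.search(name) or _INVALID_HEADER_CHAR_RE.search(value)
        ):
            raise ValueError(f"unsafe header {name!r}: {value!r}")
        self._headers[name] = value  # pre-2.2.1 behaviour: stored verbatim

    def serialize(self) -> bytes:
        lines = ["HTTP/1.1 302 Found"] + [f"{k}: {v}" for k, v in self._headers.items()]
        return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def parse_headers(raw: bytes) -> dict:
    """What a browser or proxy sees: it splits on CRLF and cannot tell a header
    the application set from one smuggled inside another header's value."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(": ")
        headers[name] = value
    return headers


# Constructed attacker input for a redirect handler that copies a `next`
# query parameter straight into the Location header.
PAYLOAD = "/home\r\nSet-Cookie: session=attacker-chosen"


def redirect_headers(target: str, validate: bool) -> dict:
    """Build the redirect and return the headers a client would parse from it."""
    resp = MinimalResponse(validate)
    resp.set_header("Location", target)
    return parse_headers(resp.serialize())


def rejects(target: str) -> bool:
    """True if the hardened set_header refuses the value."""
    try:
        redirect_headers(target, validate=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", redirect_headers(PAYLOAD, validate=False))
    print("hardened rejects payload:", rejects(PAYLOAD))
```

Response splitting proper is the same bug with a blank line in the payload (`\r\n\r\n` followed by a second status line and body), which lets a shared cache or proxy store an attacker-authored response; refusing every control character, as the hardened `set_header` does, shuts down both forms. The check belongs in the header-setting API rather than in each handler, because the unsafe value can come from any request field a handler happens to copy into a header.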
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:25.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "53612", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/53612", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.tornadoweb.org/documentation/releases/v2.2.1.html", }, { name: "49185", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49185", }, { name: "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/05/18/6", }, { name: "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2012/05/18/12", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-04-23T00:00:00", descriptions: [ { lang: "en", value: "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-08-25T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "53612", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/53612", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.tornadoweb.org/documentation/releases/v2.2.1.html", }, { name: "49185", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49185", }, { name: "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/05/18/6", }, { name: "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2012/05/18/12", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-2374", datePublished: "2012-05-23T20:00:00", dateReserved: "2012-04-19T00:00:00", dateUpdated: "2024-08-06T19:34:25.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28370
Vulnerability from cvelistv5
Published
2023-05-25 00:00
Modified
2025-01-16 15:19
Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (CISA ADP)
Summary
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.
References
Impacted products
Vendor | Product | Version
---|---|---
tornadoweb | Tornado | 6.3.1 and earlier
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:25.137Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2", }, { tags: [ "x_transferred", ], url: "https://jvn.jp/en/jp/JVN45127776/", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-28370", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-16T15:19:04.826114Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-16T15:19:11.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Tornado", vendor: "tornadoweb", versions: [ { status: "affected", version: "versions 6.3.1 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.", }, ], problemTypes: [ { descriptions: [ { description: "Open redirect", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-25T00:00:00", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: 
[ { url: "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2", }, { url: "https://jvn.jp/en/jp/JVN45127776/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2023-28370", datePublished: "2023-05-25T00:00:00", dateReserved: "2023-05-11T00:00:00", dateUpdated: "2025-01-16T15:19:11.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
jvndb-2023-000053
Vulnerability from jvndb
Published
2023-05-22 13:30
Modified
2024-03-21 17:05
Severity
3.4 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
2.6 (Low) - AV:N/AC:H/Au:N/C:N/I:P/A:N (CVSS 2.0)
Summary
Tornado vulnerable to open redirect
Details
Tornado provided by tornadoweb contains a vulnerability that allows an open redirect (CWE-601) under certain non-default configurations.
Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Vendor | Product
---|---
tornadoweb | Tornado
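The JVN entry above says the open redirect in CVE-2023-28370 is reachable only under certain non-default configurations, and none of the records on this page state which handler or request shape triggers it, so no exploit is reconstructed here. What a practitioner wants regardless of the entry point is a same-origin check on any Location value derived from request data, applied before the redirect is issued. The Python below is an added example, not Tornado's code or its fix: `SITE_ORIGIN` and the function names are constructed, and the check deliberately refuses the inputs on which browsers and `urllib.parse` disagree, because an open redirect is decided by how the browser resolves the URL, not by how the server does.

```python
from urllib.parse import urljoin, urlsplit

# Constructed: the origin this application is served from.
SITE_ORIGIN = "https://app.example"


def is_same_origin_redirect(target: str, origin: str = SITE_ORIGIN) -> bool:
    """True only if a browser following `target` from `origin` stays on `origin`.

    urljoin() does the resolution, but browsers (WHATWG URL parsing) and
    urllib disagree on a few inputs, so those are refused up front:
      * tabs and newlines are stripped by browsers ('/\\t/evil' turns into '//evil');
      * backslashes act as slashes for http(s) ('/\\evil' is '//evil');
      * any run of leading slashes is an authority ('///evil' is https://evil/),
        while urljoin() keeps '///evil' on the base host.
    """
    if not target:
        return False
    if any(ord(c) < 0x20 or c == " " for c in target):
        return False
    if "\\" in target:
        return False
    if target.startswith("//"):
        return False
    resolved = urlsplit(urljoin(origin + "/", target))
    expected = urlsplit(origin)
    return (resolved.scheme, resolved.netloc) == (expected.scheme, expected.netloc)


def safe_redirect_location(target: str, fallback: str = "/") -> str:
    """Location value a handler should emit: the target if it is on-site, else fallback."""
    return target if is_same_origin_redirect(target) else fallback


if __name__ == "__main__":
    for candidate in ["/dashboard", "//evil.example/", "///evil.example/",
                      "/\\evil.example/", "https://evil.example/", "/static//evil.example/"]:
        print(f"{candidate!r:28} -> {safe_redirect_location(candidate)!r}")
```

In a Tornado handler this wraps the value passed to `RequestHandler.redirect()`; the point of the fallback is that a rejected target never reaches the Location header at all. Upgrading to 6.3.2 or later remains the fix for the framework-side bug; this check covers application code that builds redirect targets from request data, which the framework cannot validate on its behalf.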
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000053.html", "dc:date": "2024-03-21T17:05+09:00", "dcterms:issued": "2023-05-22T13:30+09:00", "dcterms:modified": "2024-03-21T17:05+09:00", description: "Tornado provided by tornadoweb contains a vulnerability that triggers open redirect (CWE-601) under certain non-default configurations.\r\n\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", link: "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000053.html", "sec:cpe": { "#text": "cpe:/a:tornadoweb:tornado", "@product": "Tornado", "@vendor": "tornadoweb", "@version": "2.2", }, "sec:cvss": [ { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0", }, { "@score": "3.4", "@severity": "Low", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N", "@version": "3.0", }, ], "sec:identifier": "JVNDB-2023-000053", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN45127776/index.html", "@id": "JVN#45127776", "@source": "JVN", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-28370", "@id": "CVE-2023-28370", "@source": "CVE", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28370", "@id": "CVE-2023-28370", "@source": "NVD", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)", }, ], title: "Tornado vulnerable to open redirect", }