CVE-2012-2374 in tornadoinfo

Summary

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

04/19/2012

Disclosure

05/23/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

5.3

EPSS

0.00329

CTI

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-2374
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-2374
CVE Details	https://www.cvedetails.com/cve/CVE-2012-2374/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!