CVE-2012-2374

Published May 23, 2012

Last updated 12 years ago

Overview

Description: CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA18C686-5389-4050-BE12-41AE19D8B25D",
            "versionEndIncluding": "2.2"
          },
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0FC9BB6-C8DF-4005-A0C1-3033EEEAFF27"
          },
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B65FFB4-E9D9-4A77-90C7-05546A42CA49"
          },
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9E2D090-CFE4-4FE8-A4B8-0E4EB82B5067"
          },
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CD5BA96-6C01-4AE0-8D48-0FE573F0532E"
          },
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "875E3381-86DE-49FA-86B7-62D0BE0D64B8"
          },
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28DADA61-8062-4365-9F2F-6E390B468633"
          },
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "581CB4AF-DB1E-420B-849A-856CCAA17482"
          },
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DDBDE04-1A0B-4FBC-AD93-6B4FACA8C75B"
          },
          {
            "criteria": "cpe:2.3:a:tornadoweb:tornado:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD4083C9-1710-4AFC-BFC4-88AF97056334"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References