Description

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

Remediation

References

CVE-2012-2374

Related Vulnerabilities

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.30)

WordPress Plugin JupiterX Core Security Bypass (2.0.6)

MySQL Other Vulnerability (CVE-2010-3838)

WordPress Plugin RSS Includes Pages Cross-Site Scripting (3.6)

Apache Traffic Server CVE-2023-41752 Vulnerability (CVE-2023-41752)

Severity

Medium

Classification

CVE-2012-2374 CWE-20

Tags

Missing Update Known Vulnerabilities