Description

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

Remediation

References

CVE-2012-2374

Related Vulnerabilities

WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (8.1)

WordPress Plugin WP Symposium Arbitrary File Upload (14.11)

Django Improper Input Validation Vulnerability (CVE-2012-3443)

Oracle JRE CVE-2022-21341 Vulnerability (CVE-2022-21341)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0788)

Severity

Medium

Classification

CVE-2012-2374 CWE-20

Tags

Missing Update Known Vulnerabilities