Description

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

Remediation

References

CVE-2012-2374

Related Vulnerabilities

Joomla! Core 1.5.12 Arbitrary File Upload (1.5.12)

WebLogic CVE-2021-2047 Vulnerability (CVE-2021-2047)

PHP Other Vulnerability (CVE-2007-1900)

WordPress Plugin Related Sites 'guid' Parameter SQL Injection (2.1)

phpMyAdmin Other Vulnerability (CVE-2007-4306)

Severity

Medium

Classification

CVE-2012-2374 CWE-20

Tags

Missing Update Known Vulnerabilities