{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-23T00:00:00", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-25T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "53612", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53612"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"}, {"name": "49185", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49185"}, {"name": "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"}, {"name": "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2012/05/18/12"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:34:25.282Z"}, "title": "CVE Program Container", "references": [{"name": "53612", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53612"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"}, {"name": "49185", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49185"}, {"name": "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"}, {"name": "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2012/05/18/12"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2374", "datePublished": "2012-05-23T20:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:34:25.282Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA18C686-5389-4050-BE12-41AE19D8B25D", "versionEndIncluding": "2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tornadoweb:tornado:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0FC9BB6-C8DF-4005-A0C1-3033EEEAFF27", "vulnerable": true}, {"criteria": "cpe:2.3:a:tornadoweb:tornado:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B65FFB4-E9D9-4A77-90C7-05546A42CA49", "vulnerable": true}, {"criteria": "cpe:2.3:a:tornadoweb:tornado:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9E2D090-CFE4-4FE8-A4B8-0E4EB82B5067", "vulnerable": true}, {"criteria": "cpe:2.3:a:tornadoweb:tornado:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3CD5BA96-6C01-4AE0-8D48-0FE573F0532E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tornadoweb:tornado:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "875E3381-86DE-49FA-86B7-62D0BE0D64B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tornadoweb:tornado:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "28DADA61-8062-4365-9F2F-6E390B468633", "vulnerable": true}, {"criteria": "cpe:2.3:a:tornadoweb:tornado:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "581CB4AF-DB1E-420B-849A-856CCAA17482", "vulnerable": true}, {"criteria": "cpe:2.3:a:tornadoweb:tornado:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DDBDE04-1A0B-4FBC-AD93-6B4FACA8C75B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tornadoweb:tornado:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD4083C9-1710-4AFC-BFC4-88AF97056334", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input."}, {"lang": "es", "value": "La vulnerabilidad de inyecci\u00f3n CRLF en la funci\u00f3n tornado.web.RequestHandler.set_header en Tornado anterior a v2.2.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP mediante una entrada manipulada."}], "id": "CVE-2012-2374", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-23T20:55:01.727", "references": [{"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2012/05/18/12"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/49185"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53612"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/05/18/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}