Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-2374

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

Related bugs and status

CVE-2012-2374 (Candidate) is related to these bugs:

Bug #1003019: CVE-2012-2374

		In	Importance	Status
1003019	CVE-2012-2374	python-tornado (Ubuntu)	Undecided	Fix Released
1003019	CVE-2012-2374	python-tornado (Debian)	Unknown	Fix Released
1003019	CVE-2012-2374	python-tornado (Ubuntu Precise)	Undecided	Fix Released

Bug #1047432: [MIR] python-tornado

Summary				In	Importance	Status
	1047432	[MIR] python-tornado		python-tornado (Ubuntu)	Critical	Fix Released

Bug #1990191: [MIR] promote python3-tornado as a pcs dependency

Summary				In	Importance	Status
	1990191	[MIR] promote python3-tornado as a pcs dependency		python-tornado (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.openwall.co...
MISC: http://openwall.com/li...
MISC: http://www.tornadoweb....