CVE-2012-2374

Description

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

Risk Information

Base Score

7.5

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score

Exploitation Probability

0.329

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2012-2374 are fixed in Python-tornado 2.2.1	Windows
Vulnerabilities CVE-2012-2374 are fixed in Python-tornado for linux 2.2.1	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234