Vulnerabilities
Vulnerable Software
Tornadoweb:  >> Tornado  >> 2.0  Security Vulnerabilities
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-05-25
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
CVSS Score
6.5
EPSS Score
0.009
Published
2020-01-24
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
CVSS Score
5.0
EPSS Score
0.003
Published
2012-05-23


Contact Us

Shodan ® - All rights reserved