CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52804 – Tornado has HTTP cookie parsing DoS vulnerability
https://notcve.org/view.php?id=CVE-2024-52804
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue. • https://github.com/advisories/GHSA-7pwv-g7hj-39pr https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533 https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28370 – python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations
https://notcve.org/view.php?id=CVE-2023-28370
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. A vulnerability was found in the python-tornado library. This flaw causes an open redirect vulnerability that allows a remote, unauthenticated attacker to redirect a user to an arbitrary website and conduct a phishing attack by having the user access a specially crafted URL. • https://github.com/tornadoweb/tornado/releases/tag/v6.3.2 https://jvn.jp/en/jp/JVN45127776 https://access.redhat.com/security/cve/CVE-2023-28370 https://bugzilla.redhat.com/show_bug.cgi?id=2210199 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9720
https://notcve.org/view.php?id=CVE-2014-9720
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. Tornado versiones anteriores a 3.2.2, envía respuestas arbitrarias que contienen un token de tipo CSRF fijo y pueden ser enviadas con compresión HTTP, lo que facilita a atacantes remotos conducir un ataque de tipo BREACH y determinar este token por medio de una serie de peticiones diseñadas. • http://openwall.com/lists/oss-security/2015/05/19/4 http://www.tornadoweb.org/en/stable/releases/v3.2.2.html https://bugzilla.novell.com/show_bug.cgi?id=930362 https://bugzilla.redhat.com/show_bug.cgi?id=1222816 https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308 • CWE-203: Observable Discrepancy •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2012-2374
https://notcve.org/view.php?id=CVE-2012-2374
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input. La vulnerabilidad de inyección CRLF en la función tornado.web.RequestHandler.set_header en Tornado anterior a v2.2.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de división de respuesta HTTP mediante una entrada manipulada. • http://openwall.com/lists/oss-security/2012/05/18/12 http://secunia.com/advisories/49185 http://www.openwall.com/lists/oss-security/2012/05/18/6 http://www.securityfocus.com/bid/53612 http://www.tornadoweb.org/documentation/releases/v2.2.1.html • CWE-20: Improper Input Validation •