Search CVE reports
1 – 5 of 5 results
CVE-2024-52804
Medium priority
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when...
1 affected package
python-tornado
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-tornado | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2023-28370
Medium priority
Some fixes available 5 of 11
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
2 affected packages
python-tornado, salt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-tornado | Not affected | Fixed | Fixed | Fixed | Fixed |
salt | Not in release | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
CVE-2014-9720
Low priority
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of...
1 affected package
python-tornado
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-tornado | — | — | — | Not affected | Not affected |
CVE-2013-2099
Low priority
Some fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, linkchecker, python2.7, python3.1, python3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
bzr | Not affected | Not affected | Not affected | Not affected | Not affected |
linkchecker | Not affected | Not affected | Not in release | Not affected | Not affected |
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
python-tornado | Not affected | Not affected | Not affected | Not affected | Not affected |
python-urllib3 | Not affected | Not affected | Not affected | Not affected | Not affected |
w3af | Not in release | Not in release | Not in release | Not in release | Vulnerable |
zeroinstall-injector | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2012-2374
Medium priority
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
1 affected package
python-tornado
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-tornado | — | — | — | — | — |