CVE-2012-2374

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2012-2374

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-2374.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-2374

Aliases

GHSA-f7fv-v9rh-prvc
PYSEC-2012-5

Downstream

DEBIAN-CVE-2012-2374

Published

2012-05-23T20:55:01Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

References

http://secunia.com/advisories/49185
http://www.tornadoweb.org/documentation/releases/v2.2.1.html
http://openwall.com/lists/oss-security/2012/05/18/12
http://www.openwall.com/lists/oss-security/2012/05/18/6
http://www.securityfocus.com/bid/53612

CVE-2012-2374

Affected packages