Tornado Improper Input Validation Vulnerability - CVE-2012-2374 - Vulnerability Database

Tornado Improper Input Validation Vulnerability - CVE-2012-2374

Medium

Reference: CVE-2012-2374

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-2374

Title: Tornado Improper Input Validation Vulnerability

Overview:

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.