Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Tornado Observable Differences in Behavior to Error Inputs Vulnerability - CVE-2014-9720 - Vulnerability Database
Tornado

Tornado Observable Differences in Behavior to Error Inputs Vulnerability - CVE-2014-9720

Medium
Reference: CVE-2014-9720
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9720
Title: Tornado Observable Differences in Behavior to Error Inputs Vulnerability
Overview:

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.