Search criteria
15 vulnerabilities found for Tornado by tornadoweb
CVE-2025-47287 (GCVE-0-2025-47287)
Vulnerability from cvelistv5 – Published: 2025-05-15 21:17 – Updated: 2025-05-29 06:04
VLAI?
Summary
Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tornadoweb | tornado |
Affected:
< 6.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:36:22.375175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:36:31.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-29T06:04:05.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tornado",
"vendor": "tornadoweb",
"versions": [
{
"status": "affected",
"version": "\u003c 6.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tornado is a Python web framework and asynchronous networking library. When Tornado\u0027s ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T21:17:55.188Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m"
},
{
"name": "https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3"
}
],
"source": {
"advisory": "GHSA-7cx3-6m66-7c5m",
"discovery": "UNKNOWN"
},
"title": "Tornado vulnerable to excessive logging caused by malformed multipart form data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47287",
"datePublished": "2025-05-15T21:17:55.188Z",
"dateReserved": "2025-05-05T16:53:10.374Z",
"dateUpdated": "2025-05-29T06:04:05.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52804 (GCVE-0-2024-52804)
Vulnerability from cvelistv5 – Published: 2024-11-22 15:43 – Updated: 2025-11-03 22:28
VLAI?
Summary
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tornadoweb | tornado |
Affected:
< 6.4.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tornado",
"vendor": "tornadoweb",
"versions": [
{
"lessThan": "6.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:54:41.084248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:55:43.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:28:40.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tornado",
"vendor": "tornadoweb",
"versions": [
{
"status": "affected",
"version": "\u003c 6.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:43:38.572Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c"
},
{
"name": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533"
},
{
"name": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr"
}
],
"source": {
"advisory": "GHSA-8w49-h785-mj3c",
"discovery": "UNKNOWN"
},
"title": "Tornado has HTTP cookie parsing DoS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52804",
"datePublished": "2024-11-22T15:43:38.572Z",
"dateReserved": "2024-11-15T17:11:13.441Z",
"dateUpdated": "2025-11-03T22:28:40.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28370 (GCVE-0-2023-28370)
Vulnerability from cvelistv5 – Published: 2023-05-25 00:00 – Updated: 2025-11-03 21:47
VLAI?
Summary
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Severity ?
6.1 (Medium)
CWE
- Open redirect
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tornadoweb | Tornado |
Affected:
versions 6.3.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:34.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45127776/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:19:04.826114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T15:19:11.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Tornado",
"vendor": "tornadoweb",
"versions": [
{
"status": "affected",
"version": "versions 6.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"url": "https://jvn.jp/en/jp/JVN45127776/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-28370",
"datePublished": "2023-05-25T00:00:00.000Z",
"dateReserved": "2023-05-11T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:47:34.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-9720 (GCVE-0-2014-9720)
Vulnerability from cvelistv5 – Published: 2020-01-24 17:03 – Updated: 2024-08-06 13:55
VLAI?
Summary
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T17:03:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html",
"refsource": "MISC",
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"name": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308",
"refsource": "MISC",
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=930362",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"name": "http://openwall.com/lists/oss-security/2015/05/19/4",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9720",
"datePublished": "2020-01-24T17:03:38",
"dateReserved": "2015-05-19T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2374 (GCVE-0-2012-2374)
Vulnerability from cvelistv5 – Published: 2012-05-23 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53612"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"
},
{
"name": "49185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49185"
},
{
"name": "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"
},
{
"name": "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/05/18/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "53612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53612"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"
},
{
"name": "49185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49185"
},
{
"name": "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"
},
{
"name": "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/05/18/12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2374",
"datePublished": "2012-05-23T20:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47287 (GCVE-0-2025-47287)
Vulnerability from nvd – Published: 2025-05-15 21:17 – Updated: 2025-05-29 06:04
VLAI?
Summary
Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tornadoweb | tornado |
Affected:
< 6.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:36:22.375175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:36:31.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-29T06:04:05.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tornado",
"vendor": "tornadoweb",
"versions": [
{
"status": "affected",
"version": "\u003c 6.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tornado is a Python web framework and asynchronous networking library. When Tornado\u0027s ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T21:17:55.188Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m"
},
{
"name": "https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3"
}
],
"source": {
"advisory": "GHSA-7cx3-6m66-7c5m",
"discovery": "UNKNOWN"
},
"title": "Tornado vulnerable to excessive logging caused by malformed multipart form data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47287",
"datePublished": "2025-05-15T21:17:55.188Z",
"dateReserved": "2025-05-05T16:53:10.374Z",
"dateUpdated": "2025-05-29T06:04:05.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52804 (GCVE-0-2024-52804)
Vulnerability from nvd – Published: 2024-11-22 15:43 – Updated: 2025-11-03 22:28
VLAI?
Summary
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tornadoweb | tornado |
Affected:
< 6.4.2
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tornado",
"vendor": "tornadoweb",
"versions": [
{
"lessThan": "6.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:54:41.084248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:55:43.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:28:40.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tornado",
"vendor": "tornadoweb",
"versions": [
{
"status": "affected",
"version": "\u003c 6.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:43:38.572Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c"
},
{
"name": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533"
},
{
"name": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr"
}
],
"source": {
"advisory": "GHSA-8w49-h785-mj3c",
"discovery": "UNKNOWN"
},
"title": "Tornado has HTTP cookie parsing DoS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52804",
"datePublished": "2024-11-22T15:43:38.572Z",
"dateReserved": "2024-11-15T17:11:13.441Z",
"dateUpdated": "2025-11-03T22:28:40.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28370 (GCVE-0-2023-28370)
Vulnerability from nvd – Published: 2023-05-25 00:00 – Updated: 2025-11-03 21:47
VLAI?
Summary
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Severity ?
6.1 (Medium)
CWE
- Open redirect
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tornadoweb | Tornado |
Affected:
versions 6.3.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:34.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45127776/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T15:19:04.826114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T15:19:11.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Tornado",
"vendor": "tornadoweb",
"versions": [
{
"status": "affected",
"version": "versions 6.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"url": "https://jvn.jp/en/jp/JVN45127776/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-28370",
"datePublished": "2023-05-25T00:00:00.000Z",
"dateReserved": "2023-05-11T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:47:34.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-9720 (GCVE-0-2014-9720)
Vulnerability from nvd – Published: 2020-01-24 17:03 – Updated: 2024-08-06 13:55
VLAI?
Summary
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T17:03:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html",
"refsource": "MISC",
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"name": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308",
"refsource": "MISC",
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=930362",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"name": "http://openwall.com/lists/oss-security/2015/05/19/4",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9720",
"datePublished": "2020-01-24T17:03:38",
"dateReserved": "2015-05-19T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2374 (GCVE-0-2012-2374)
Vulnerability from nvd – Published: 2012-05-23 20:00 – Updated: 2024-08-06 19:34
VLAI?
Summary
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53612"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"
},
{
"name": "49185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49185"
},
{
"name": "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"
},
{
"name": "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/05/18/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "53612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53612"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"
},
{
"name": "49185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49185"
},
{
"name": "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"
},
{
"name": "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/05/18/12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2374",
"datePublished": "2012-05-23T20:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-52804
Vulnerability from fkie_nvd - Published: 2024-11-22 16:15 - Updated: 2025-11-03 23:17
Severity ?
Summary
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tornadoweb | tornado | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F76085D-6918-4959-959D-9B8A0DFD4724",
"versionEndExcluding": "6.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue."
},
{
"lang": "es",
"value": "Tornado es un framework web de Python y una librer\u00eda de redes asincr\u00f3nicas. El algoritmo utilizado para analizar las cookies HTTP en las versiones de Tornado anteriores a la 6.4.2 a veces tiene una complejidad cuadr\u00e1tica, lo que genera un consumo excesivo de CPU al analizar encabezados de cookies manipulado con fines malintencionados. Este an\u00e1lisis se produce en el hilo del bucle de eventos y puede bloquear el procesamiento de otras solicitudes. La versi\u00f3n 6.4.2 soluciona el problema."
}
],
"id": "CVE-2024-52804",
"lastModified": "2025-11-03T23:17:15.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-11-22T16:15:34.417",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-28370
Vulnerability from fkie_nvd - Published: 2023-05-25 10:15 - Updated: 2025-11-03 22:16
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tornadoweb | tornado | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*",
"matchCriteriaId": "559AF33E-B4AB-43D5-B038-243276BF7DB6",
"versionEndExcluding": "6.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL."
}
],
"id": "CVE-2023-28370",
"lastModified": "2025-11-03T22:16:06.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-25T10:15:09.750",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN45127776/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN45127776/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00000.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-9720
Vulnerability from fkie_nvd - Published: 2020-01-24 18:15 - Updated: 2024-11-21 02:21
Severity ?
Summary
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tornadoweb | tornado | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E20BDD81-6AC3-41B3-80E5-1BFE2E7B895A",
"versionEndExcluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests."
},
{
"lang": "es",
"value": "Tornado versiones anteriores a 3.2.2, env\u00eda respuestas arbitrarias que contienen un token de tipo CSRF fijo y pueden ser enviadas con compresi\u00f3n HTTP, lo que facilita a atacantes remotos conducir un ataque de tipo BREACH y determinar este token por medio de una serie de peticiones dise\u00f1adas."
}
],
"id": "CVE-2014-9720",
"lastModified": "2024-11-21T02:21:31.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-24T18:15:12.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2374
Vulnerability from fkie_nvd - Published: 2012-05-23 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tornadoweb | tornado | * | |
| tornadoweb | tornado | 1.0 | |
| tornadoweb | tornado | 1.0.1 | |
| tornadoweb | tornado | 1.1 | |
| tornadoweb | tornado | 1.1.1 | |
| tornadoweb | tornado | 1.2 | |
| tornadoweb | tornado | 1.2.1 | |
| tornadoweb | tornado | 2.0 | |
| tornadoweb | tornado | 2.1 | |
| tornadoweb | tornado | 2.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA18C686-5389-4050-BE12-41AE19D8B25D",
"versionEndIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FC9BB6-C8DF-4005-A0C1-3033EEEAFF27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B65FFB4-E9D9-4A77-90C7-05546A42CA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E2D090-CFE4-4FE8-A4B8-0E4EB82B5067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD5BA96-6C01-4AE0-8D48-0FE573F0532E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "875E3381-86DE-49FA-86B7-62D0BE0D64B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28DADA61-8062-4365-9F2F-6E390B468633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "581CB4AF-DB1E-420B-849A-856CCAA17482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDBDE04-1A0B-4FBC-AD93-6B4FACA8C75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tornadoweb:tornado:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4083C9-1710-4AFC-BFC4-88AF97056334",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input."
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n CRLF en la funci\u00f3n tornado.web.RequestHandler.set_header en Tornado anterior a v2.2.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP mediante una entrada manipulada."
}
],
"id": "CVE-2012-2374",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-23T20:55:01.727",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2012/05/18/12"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/49185"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/53612"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2012/05/18/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
JVNDB-2023-000053
Vulnerability from jvndb - Published: 2023-05-22 13:30 - Updated:2024-03-21 17:05
Severity ?
Summary
Tornado vulnerable to open redirect
Details
Tornado provided by tornadoweb contains a vulnerability that triggers open redirect (CWE-601) under certain non-default configurations.
Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000053.html",
"dc:date": "2024-03-21T17:05+09:00",
"dcterms:issued": "2023-05-22T13:30+09:00",
"dcterms:modified": "2024-03-21T17:05+09:00",
"description": "Tornado provided by tornadoweb contains a vulnerability that triggers open redirect (CWE-601) under certain non-default configurations.\r\n\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000053.html",
"sec:cpe": {
"#text": "cpe:/a:tornadoweb:tornado",
"@product": "Tornado",
"@vendor": "tornadoweb",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.4",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000053",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN45127776/index.html",
"@id": "JVN#45127776",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-28370",
"@id": "CVE-2023-28370",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28370",
"@id": "CVE-2023-28370",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Tornado vulnerable to open redirect"
}