All the vulnerabilites related to tornadoweb - tornado
cve-2024-52804
Vulnerability from cvelistv5
Published
2024-11-22 15:43
Modified
2024-11-22 15:43
Severity ?
EPSS score ?
Summary
Tornado has HTTP cookie parsing DoS vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c | x_refsource_CONFIRM | |
| https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533 | x_refsource_MISC | |
| https://github.com/advisories/GHSA-7pwv-g7hj-39pr | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| tornadoweb | tornado |
{
"containers": {
"cna": {
"affected": [
{
"product": "tornado",
"vendor": "tornadoweb",
"versions": [
{
"status": "affected",
"version": "\u003c 6.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:43:38.572Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tornadoweb/tornado/security/advisories/GHSA-8w49-h785-mj3c"
},
{
"name": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tornadoweb/tornado/commit/d5ba4a1695fbf7c6a3e54313262639b198291533"
},
{
"name": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-7pwv-g7hj-39pr"
}
],
"source": {
"advisory": "GHSA-8w49-h785-mj3c",
"discovery": "UNKNOWN"
},
"title": "Tornado has HTTP cookie parsing DoS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52804",
"datePublished": "2024-11-22T15:43:38.572Z",
"dateReserved": "2024-11-15T17:11:13.441Z",
"dateUpdated": "2024-11-22T15:43:38.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28370
Vulnerability from cvelistv5
Published
2023-05-25 00:00
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| tornadoweb | Tornado |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN45127776/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tornado",
"vendor": "tornadoweb",
"versions": [
{
"status": "affected",
"version": "versions 6.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://github.com/tornadoweb/tornado/releases/tag/v6.3.2"
},
{
"url": "https://jvn.jp/en/jp/JVN45127776/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-28370",
"datePublished": "2023-05-25T00:00:00",
"dateReserved": "2023-05-11T00:00:00",
"dateUpdated": "2024-08-02T12:38:25.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9720
Vulnerability from cvelistv5
Published
2020-01-24 17:03
Modified
2024-08-06 13:55
Severity ?
EPSS score ?
Summary
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.tornadoweb.org/en/stable/releases/v3.2.2.html | x_refsource_MISC | |
| https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308 | x_refsource_MISC | |
| https://bugzilla.novell.com/show_bug.cgi?id=930362 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1222816 | x_refsource_MISC | |
| http://openwall.com/lists/oss-security/2015/05/19/4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T17:03:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html",
"refsource": "MISC",
"url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html"
},
{
"name": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308",
"refsource": "MISC",
"url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=930362",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=930362"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816"
},
{
"name": "http://openwall.com/lists/oss-security/2015/05/19/4",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2015/05/19/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9720",
"datePublished": "2020-01-24T17:03:38",
"dateReserved": "2015-05-19T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2374
Vulnerability from cvelistv5
Published
2012-05-23 20:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/53612 | vdb-entry, x_refsource_BID | |
| http://www.tornadoweb.org/documentation/releases/v2.2.1.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/49185 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/05/18/6 | mailing-list, x_refsource_MLIST | |
| http://openwall.com/lists/oss-security/2012/05/18/12 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53612"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"
},
{
"name": "49185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49185"
},
{
"name": "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"
},
{
"name": "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/05/18/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "53612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53612"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tornadoweb.org/documentation/releases/v2.2.1.html"
},
{
"name": "49185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49185"
},
{
"name": "[oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/6"
},
{
"name": "[oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/05/18/12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2374",
"datePublished": "2012-05-23T20:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2023-000053
Vulnerability from jvndb
Published
2023-05-22 13:30
Modified
2024-03-21 17:05
Severity ?
Summary
Tornado vulnerable to open redirect
Details
Tornado provided by tornadoweb contains a vulnerability that triggers open redirect (CWE-601) under certain non-default configurations.
Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| tornadoweb | Tornado |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000053.html",
"dc:date": "2024-03-21T17:05+09:00",
"dcterms:issued": "2023-05-22T13:30+09:00",
"dcterms:modified": "2024-03-21T17:05+09:00",
"description": "Tornado provided by tornadoweb contains a vulnerability that triggers open redirect (CWE-601) under certain non-default configurations.\r\n\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000053.html",
"sec:cpe": {
"#text": "cpe:/a:tornadoweb:tornado",
"@product": "Tornado",
"@vendor": "tornadoweb",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.4",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000053",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN45127776/index.html",
"@id": "JVN#45127776",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-28370",
"@id": "CVE-2023-28370",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28370",
"@id": "CVE-2023-28370",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Tornado vulnerable to open redirect"
}