CRLF Injection Vulnerability in Tornado Web Framework
CVE-2012-2374 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
Learn more about our Web App Pen Testing.