CRLF Injection Vulnerability in Tornado Web Framework

CRLF Injection Vulnerability in Tornado Web Framework

CVE-2012-2374 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

Learn more about our Web App Pen Testing.