Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 4 of 4 results

CVE-2023-28370

Medium priority

Some fixes available 2 of 11

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.

2 affected packages

python-tornado, salt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-tornado Not affected Needs evaluation Needs evaluation Needs evaluation Fixed
salt Not in release Needs evaluation Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2014-9720

Low priority
Ignored

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of...

1 affected packages

python-tornado

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-tornado Not affected Not affected
Show less packages

CVE-2013-2099

Low priority

Some fixes available 5 of 41

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...

10 affected packages

bzr, linkchecker, python-tornado, python-urllib3, python2.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzr Not affected Not affected Not affected Not affected Not affected
linkchecker Not affected Not affected Not in release Not affected Not affected
python-tornado Not affected Not affected Not affected Not affected Not affected
python-urllib3 Not affected Not affected Not affected Not affected Not affected
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.1 Not in release Not in release Not in release Not in release Not in release
python3.2 Not in release Not in release Not in release Not in release Not in release
python3.3 Not in release Not in release Not in release Not in release Not in release
w3af Not in release Not in release Not in release Not in release Vulnerable
zeroinstall-injector Not affected Not affected Not affected Not affected Not affected
Show all 10 packages Show less packages

CVE-2012-2374

Medium priority
Fixed

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

1 affected packages

python-tornado

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-tornado
Show less packages