—

PYSEC-2012-5

상세

CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / tornado

최초 영향 버전: 0 수정 버전: 2.2.1

수정 pip install --upgrade 'tornado>=2.2.1'

참고

http://www.tornadoweb.org/documentation/releases/v2.2.1.html [WEB]
http://openwall.com/lists/oss-security/2012/05/18/12 [WEB]
http://secunia.com/advisories/49185 [ADVISORY]
http://www.securityfocus.com/bid/53612 [WEB]
http://www.openwall.com/lists/oss-security/2012/05/18/6 [WEB]