Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9720

Опубликовано: 26 мая 2014
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7python-tornadoWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-201
https://bugzilla.redhat.com/show_bug.cgi?id=1222816python-tornado: XSRF cookie allows side-channel attack against TLS (BREACH)

EPSS

Процентиль: 75%
0.00904
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9720

CVSS3: 6.5
ubuntu
около 6 лет назад

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

nvd логотип

CVE-2014-9720

CVSS3: 6.5
nvd
около 6 лет назад

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

debian логотип

CVE-2014-9720

CVSS3: 6.5
debian
около 6 лет назад

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ...

suse-cvrf логотип

SUSE-SU-2016:1195-1

suse-cvrf
почти 10 лет назад

Security update for python-tornado

github логотип

GHSA-8vpw-mgpf-mpvv

CVSS3: 6.5
github
больше 3 лет назад

Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)

EPSS

Процентиль: 75%
0.00904
Низкий

4.3 Medium

CVSS2