exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2014-9720

около 6 лет назад

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

CVSS3: 6.5

EPSS: Низкий

CVE-2014-9720

больше 11 лет назад

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

CVSS2: 4.3

EPSS: Низкий

CVE-2014-9720

около 6 лет назад

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

CVSS3: 6.5

EPSS: Низкий

CVE-2014-9720

около 6 лет назад

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ...

CVSS3: 6.5

EPSS: Низкий

SUSE-SU-2016:1195-1

почти 10 лет назад

Security update for python-tornado

EPSS: Низкий

GHSA-8vpw-mgpf-mpvv

больше 3 лет назад

Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2014-9720 Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.	CVSS3: 6.5	1% Низкий	около 6 лет назад
CVE-2014-9720 Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.	CVSS2: 4.3	1% Низкий	больше 11 лет назад
CVE-2014-9720 Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.	CVSS3: 6.5	1% Низкий	около 6 лет назад
CVE-2014-9720 Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ...	CVSS3: 6.5	1% Низкий	около 6 лет назад
SUSE-SU-2016:1195-1 Security update for python-tornado		1% Низкий	почти 10 лет назад
GHSA-8vpw-mgpf-mpvv Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)	CVSS3: 6.5	1% Низкий	больше 3 лет назад

Уязвимостей на страницу