Candidate: CVE-2012-2374
PublicDate: 2012-05-23 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2374
 http://www.openwall.com/lists/oss-security/2012/05/18
 http://www.tornadoweb.org/documentation/releases/v2.2.1.html
Description:
 CRLF injection vulnerability in the tornado.web.RequestHandler.set_header
 function in Tornado before 2.2.1 allows remote attackers to inject
 arbitrary HTTP headers and conduct HTTP response splitting attacks via
 crafted input.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.gentoo.org/show_bug.cgi?id=415903
 https://bugzilla.redhat.com/show_bug.cgi?id=822852
 https://launchpad.net/bugs/1003019
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_python-tornado:
upstream_python-tornado: released (2.2.1)
hardy_python-tornado: DNE
lucid_python-tornado: DNE
natty_python-tornado: not-affected (2.x only)
oneiric_python-tornado: not-affected (2.x only)
precise_python-tornado: released (2.1.0-2ubuntu0.1)
devel_python-tornado: not-affected (2.3-2)