Lucene search

K
amazonAmazonALAS2-2023-2133
HistoryJul 17, 2023 - 5:39 p.m.

Medium: python3-tornado

2023-07-1717:39:00
alas.aws.amazon.com
6
tornado vulnerability
open redirect
phishing attack
cve-2023-28370
amazon linux 2
yum update
new packages
red hat
mitre

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.3%

Issue Overview:

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. (CVE-2023-28370)

Affected Packages:

python3-tornado

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update python3-tornado to update your system.

New Packages:

aarch64:  
    python3-tornado-5.0.2-4.amzn2.0.3.aarch64  
    python3-tornado-doc-5.0.2-4.amzn2.0.3.aarch64  
    python3-tornado-debuginfo-5.0.2-4.amzn2.0.3.aarch64  
  
i686:  
    python3-tornado-5.0.2-4.amzn2.0.3.i686  
    python3-tornado-doc-5.0.2-4.amzn2.0.3.i686  
    python3-tornado-debuginfo-5.0.2-4.amzn2.0.3.i686  
  
src:  
    python3-tornado-5.0.2-4.amzn2.0.3.src  
  
x86_64:  
    python3-tornado-5.0.2-4.amzn2.0.3.x86_64  
    python3-tornado-doc-5.0.2-4.amzn2.0.3.x86_64  
    python3-tornado-debuginfo-5.0.2-4.amzn2.0.3.x86_64  

Additional References

Red Hat: CVE-2023-28370

Mitre: CVE-2023-28370

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.3%