CVE-2014-9720: python-tornado XSRF cookie BREACH

2015-05-19T00:00:00
ID CVE-2014-9720
Type cve
Reporter NVD
Modified 2015-05-19T00:00:00

Description

python-tornado is vulnerable to BREACH attack, caused by an error in the XSRF cookie. By sending a series of specially-crafted requests, a remote attacker could exploit this vulnerability to allow a side-channel attack against TLS. This vulnerability was demonstrated at BlackHat 2013 and a corresponding tool released known as "BREACH".