Lucene search

Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)

🗓️ 17 May 2022 19:19:57Reported by GitHub Advisory DatabaseType

Tornado XSRF cookie allows side-channel attack against TL

Reporter	Title	Published	Views	Family All 28
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2014-9720	4 Mar 202500:00	–	nessus
Tenable Nessus	Debian DLA-475-1 : python-tornado security update	16 May 201600:00	–	nessus
Tenable Nessus	SUSE SLED12 Security Update : python-tornado (SUSE-SU-2016:1195-1)	4 May 201600:00	–	nessus
Tenable Nessus	RHEL 7 : python-tornado (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus
Tenable Nessus	openSUSE Security Update : python-tornado (openSUSE-2015-741)	17 Nov 201500:00	–	nessus
Tenable Nessus	Fedora 21 : python-tornado-3.2.2-1.fc21 (2015-8606)	11 Jun 201500:00	–	nessus
Tenable Nessus	Debian DLA-279-1 : python-tornado security update	23 Jul 201500:00	–	nessus
Tenable Nessus	Fedora 22 : python-tornado-3.2.2-1.fc22 (2015-9143)	10 Jun 201500:00	–	nessus
CVE	CVE-2014-9720	24 Jan 202018:15	–	cve
OpenVAS	Mageia: Security Advisory (MGASA-2015-0251)	28 Jan 202200:00	–	openvas

Vulners

Node

tornadoweb tornadoRange<3.2.2

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-9720
github	www.github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308
bugzilla	www.bugzilla.novell.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
openwall	www.openwall.com/lists/oss-security/2015/05/19/4
tornadoweb	www.tornadoweb.org/en/stable/releases/v3.2.2.html
github	www.github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2020-213.yaml
github	www.github.com/advisories/GHSA-8vpw-mgpf-mpvv

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2022 19:57Current

7.3High risk

Vulners AI Score7.3

CVSS24.3

CVSS36.5

EPSS0.00904

CWE-203