260 matches found
Mageia: Security Advisory (MGASA-2013-0376)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2013-0252)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0251)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-28476
A flaw was found in python-tornado. All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the...
Fedora Update for python-tornado FEDORA-2016-a3618d9ef6
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 24 : python-tornado (2016-a3618d9ef6)
Update to 4.4.2 Security fixes - A difference in cookie parsing between Tornado and web browsers especially when combined with Google Analytics could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...
Updated python-tornado package fixes security vulnerability
A difference in cookie parsing between Tornado and web browsers especially when combined with Google Analytics could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...
MGASA-2016-0418 Updated python-tornado package fixes security vulnerability
A difference in cookie parsing between Tornado and web browsers especially when combined with Google Analytics could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...
Fedora Update for python-tornado FEDORA-2016-24478a88fe
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 25 : python-tornado (2016-24478a88fe)
Update to 4.4.2 : Security fixes - A difference in cookie parsing between Tornado and web browsers especially when combined with Google Analytics could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...
[SECURITY] [DLA 475-1] python-tornado security update
Package : python-tornado Version : 2.3-2+deb7u1 CVE ID : CVE-2014-9720 It was discovered that python-tornado, a Python web framework and asynchronous networking library, was susceptible for the BREACH attack. The XSRF token is now encoded with a random mask on each request. This makes it safe to...
DLA-475-1 python-tornado - security update
Bulletin has no description...
SUSE SLED12 Security Update : python-tornado (SUSE-SU-2016:1195-1)
The python-tornado module was updated to version 4.2.1, which brings several fixes, enhancements and new features. The following security issues have been fixed : - A path traversal vulnerability in StaticFileHandler, in which files whose names started with the staticpath directory but were not...
SUSE-SU-2016:1195-1 Security update for python-tornado
The python-tornado module was updated to version 4.2.1, which brings several fixes, enhancements and new features. The following security issues have been fixed: - A path traversal vulnerability in StaticFileHandler, in which files whose names started with the staticpath directory but were not...
openSUSE Security Update : python-tornado (openSUSE-2015-741)
python-tornado was updates to fix one security issue. The following vulnerability was fixed : - CVE-2014-9720: XSRF cookie allowed side-channel attack against TLS BREACH %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Fedora 23 : python-tornado-4.2.1-1.fc23 (2015-16197)
Update to 4.2.1. See http://www.tornadoweb.org/en/stable/releases/v4.2.0.html and http://www.tornadoweb.org/en/stable/releases/v4.2.1.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Amazon Linux: Security Advisory (ALAS-2015-521)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-279-1 : python-tornado security update
A vulnerability was discovered in python-tornado, a Python scalable, non- blocking web server. CVE-2014-9720 CSRF cookie allows side-channel attack against TLS BREACH Security Fix The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages...
[SECURITY] [DLA 279-1] python-tornado security update
Package : python-tornado Version : 1.0.1-1+deb6u1 CVE ID : CVE-2014-9720 A vulnerability was discovered in python-tornado, a Python scalable, non- blocking web server. CVE-2014-9720 CSRF cookie allows side-channel attack against TLS BREACH Security Fix The XSRF token is now encoded with a random...
DLA-279-1 python-tornado - security update
Bulletin has no description...