Lucene search
+L

84 matches found

OSV
OSV
added 2020/01/24 6:15 p.m.26 views

PYSEC-2020-213

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests...

6.5CVSS5.1AI score0.02489EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2020/01/24 5:3 p.m.40 views

CVE-2014-9720

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests...

6.5CVSS6.5AI score0.02489EPSS
Exploits0
Cvelist
Cvelist
added 2020/01/24 5:3 p.m.20 views

CVE-2014-9720

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests...

6.4AI score0.02489EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2019/06/12 2:28 p.m.3 views

When Time is of the Essence – Testing Controls Against the Latest Threats Faster

A new threat has hit head the headlines Robinhood anyone?, and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2017/07/30 8:51 a.m.243 views

Legal Robot: SSL BREACH attack (CVE-2013-3587)

Hello security team, The site legalrobot.com is potentially vulnerable to the BREACH attack. Allowing an attacker the ability to: - Inject partial chosen plaintext into a victim's requests - Measure the size of encrypted traffic - can leverage information leaked by compression to recover targeted...

4.3CVSS0.2AI score0.06049EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2016/05/16 12:0 a.m.23 views

Debian DLA-475-1 : python-tornado security update

It was discovered that python-tornado, a Python web framework and asynchronous networking library, was susceptible for the BREACH attack. The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable. For Debian 7...

6.5CVSS6.4AI score0.02489EPSS
Exploits0References3
OSV
OSV
added 2016/05/15 12:0 a.m.15 views

DLA-475-1 python-tornado - security update

Bulletin has no description...

6.5CVSS6.3AI score0.02489EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/05/04 12:0 a.m.26 views

SUSE SLED12 Security Update : python-tornado (SUSE-SU-2016:1195-1)

The python-tornado module was updated to version 4.2.1, which brings several fixes, enhancements and new features. The following security issues have been fixed : - A path traversal vulnerability in StaticFileHandler, in which files whose names started with the staticpath directory but were not...

6.5CVSS6.4AI score0.02489EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2016/04/05 2:52 p.m.13 views

BREACH Revived to Steal Private Messages from Gmail, Facebook

The BREACH attack hasn’t been top of mind since the summer of 2013, but two researchers have found new ways to exploit and persistently attack traffic, including Gmail and Facebook chat sessions. The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of th...

0.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/10/29 12:0 a.m.59 views

Debian DLA-336-1 : phpmyadmin security update

Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL. CVE-2014-8958 Multiple cross-site scripting XSS vulnerabilities. CVE-2014-9218 Denial of service resource consumption via a long password. CVE-2015-2206 Risk of BREACH attack due to reflected parameter...

6.8CVSS7.8AI score0.11055EPSS
Exploits4References6
Debian
Debian
added 2015/10/28 7:52 p.m.46 views

[SECURITY] [DSA 3382-1] phpmyadmin security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3382-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst October 28, 2015 https://www.debian.org/security/faq -...

6.8CVSS9.6AI score0.11055EPSS
Exploits7
OpenVAS
OpenVAS
added 2015/10/28 12:0 a.m.47 views

Debian Security Advisory DSA 3382-1 (phpmyadmin - security update)

Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL. CVE-2014-8958 Wheezy only Multiple cross-site scripting XSS vulnerabilities. CVE-2014-9218 Wheezy only Denial of service resource consumption via a long password. CVE-2015-2206 Risk of BREACH attack due to...

6.8CVSS8AI score0.11055EPSS
Exploits7References1
OSV
OSV
added 2015/10/28 12:0 a.m.40 views

DLA-336-1 phpmyadmin - security update

Bulletin has no description...

6.8CVSS8AI score0.11055EPSS
Exploits4
OpenVAS
OpenVAS
added 2015/10/27 12:0 a.m.37 views

Debian: Security Advisory (DSA-3382-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS9.8AI score0.11055EPSS
Exploits7References3
Debian
Debian
added 2015/07/22 12:52 p.m.50 views

[SECURITY] [DLA 279-1] python-tornado security update

Package : python-tornado Version : 1.0.1-1+deb6u1 CVE ID : CVE-2014-9720 A vulnerability was discovered in python-tornado, a Python scalable, non- blocking web server. CVE-2014-9720 CSRF cookie allows side-channel attack against TLS BREACH Security Fix The XSRF token is now encoded with a random...

6.5CVSS6.3AI score0.02489EPSS
Exploits0
Mageia
Mageia
added 2015/07/01 12:40 p.m.30 views

Updated python-tornado package fixes security vulnerability

Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...

6.5CVSS6.4AI score0.02489EPSS
Exploits0References3
OSV
OSV
added 2015/07/01 12:40 p.m.5 views

MGASA-2015-0251 Updated python-tornado package fixes security vulnerability

Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...

6.5CVSS6.3AI score0.02489EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/06/11 12:0 a.m.18 views

Fedora 21 : python-tornado-3.2.2-1.fc21 (2015-8606)

Security fixes The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by a proxy...

6.5CVSS6.5AI score0.02489EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/06/10 12:0 a.m.18 views

Fedora 22 : python-tornado-3.2.2-1.fc22 (2015-9143)

Security fixes The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by a proxy...

6.5CVSS6.5AI score0.02489EPSS
Exploits0References3
securityvulns
securityvulns
added 2015/05/10 12:0 a.m.77 views

Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability

Document Title: =============== Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1420 Release Date: ============= 2015-05-03 Vulnerability Laboratory ID VL-ID:...

6.4AI score
Exploits0
Rows per page
Query Builder