Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2014-9720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers...

6.5CVSS6.6AI score0.02489EPSS
Exploits0References2
OSV
OSV
added 2020/01/24 6:15 p.m.3 views

CVE-2014-9720

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests...

6.5CVSS6.4AI score
Exploits0References11
vulnersOsv
vulnersOsv
added 2020/01/24 6:15 p.m.6 views

blackhole (>=0.0.0 <=1.8.1), catsup (>=0.3.8 <=0.3.11) +4 more potentially affected by CVE-2014-9720 via tornado (>=3.0.0 <=3.2.0)

tornado PYPI version =3.0.0, =0.0.0, =0.3.8, =0.1.0, =0.2.1, =0.1.1, =0.1.2 - torext =0.10.0 Source cves: CVE-2014-9720 Source advisory: OSV:PYSEC-2020-213...

6.5CVSS6.5AI score0.02489EPSS
Exploits0
CVE
CVE
added 2020/01/24 5:3 p.m.108 views

CVE-2014-9720

CVE-2014-9720 affects Tornado before 3.2.2. The issue allows remote attackers to exploit BREACH by receiving arbitrary HTTP responses that include a fixed CSRF token, potentially combined with HTTP compression. Root cause: responses may leak the CSRF token under compression. Impact described in s...

6.5CVSS6.3AI score0.02489EPSS
Exploits0References5Affected Software1
Debian
Debian
added 2016/05/15 7:45 p.m.17 views

[SECURITY] [DLA 475-1] python-tornado security update

Package : python-tornado Version : 2.3-2+deb7u1 CVE ID : CVE-2014-9720 It was discovered that python-tornado, a Python web framework and asynchronous networking library, was susceptible for the BREACH attack. The XSRF token is now encoded with a random mask on each request. This makes it safe to...

6.5CVSS6.7AI score0.02489EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/11/17 12:0 a.m.14 views

openSUSE Security Update : python-tornado (openSUSE-2015-741)

python-tornado was updates to fix one security issue. The following vulnerability was fixed : - CVE-2014-9720: XSRF cookie allowed side-channel attack against TLS BREACH %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

6.5CVSS6.2AI score0.02489EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/07/23 12:0 a.m.23 views

Debian DLA-279-1 : python-tornado security update

A vulnerability was discovered in python-tornado, a Python scalable, non- blocking web server. CVE-2014-9720 CSRF cookie allows side-channel attack against TLS BREACH Security Fix The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages...

6.5CVSS6.3AI score0.02489EPSS
Exploits0References3
Debian
Debian
added 2015/07/22 12:52 p.m.20 views

[SECURITY] [DLA 279-1] python-tornado security update

Package : python-tornado Version : 1.0.1-1+deb6u1 CVE ID : CVE-2014-9720 A vulnerability was discovered in python-tornado, a Python scalable, non- blocking web server. CVE-2014-9720 CSRF cookie allows side-channel attack against TLS BREACH Security Fix The XSRF token is now encoded with a random...

6.5CVSS6.3AI score0.02489EPSS
Exploits0
OSV
OSV
added 2015/07/01 12:40 p.m.4 views

MGASA-2015-0251 Updated python-tornado package fixes security vulnerability

Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...

6.5CVSS6.3AI score0.02489EPSS
Exploits0References4
Mageia
Mageia
added 2015/07/01 12:40 p.m.29 views

Updated python-tornado package fixes security vulnerability

Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...

6.5CVSS6.4AI score0.02489EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/06/11 12:0 a.m.23 views

Fedora Update for python-tornado FEDORA-2015-8606

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.02489EPSS
Exploits0References2
Rows per page
Query Builder