11 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-9720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers...
CVE-2014-9720
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests...
blackhole (>=0.0.0 <=1.8.1), catsup (>=0.3.8 <=0.3.11) +4 more potentially affected by CVE-2014-9720 via tornado (>=3.0.0 <=3.2.0)
tornado PYPI version =3.0.0, =0.0.0, =0.3.8, =0.1.0, =0.2.1, =0.1.1, =0.1.2 - torext =0.10.0 Source cves: CVE-2014-9720 Source advisory: OSV:PYSEC-2020-213...
CVE-2014-9720
CVE-2014-9720 affects Tornado before 3.2.2. The issue allows remote attackers to exploit BREACH by receiving arbitrary HTTP responses that include a fixed CSRF token, potentially combined with HTTP compression. Root cause: responses may leak the CSRF token under compression. Impact described in s...
[SECURITY] [DLA 475-1] python-tornado security update
Package : python-tornado Version : 2.3-2+deb7u1 CVE ID : CVE-2014-9720 It was discovered that python-tornado, a Python web framework and asynchronous networking library, was susceptible for the BREACH attack. The XSRF token is now encoded with a random mask on each request. This makes it safe to...
openSUSE Security Update : python-tornado (openSUSE-2015-741)
python-tornado was updates to fix one security issue. The following vulnerability was fixed : - CVE-2014-9720: XSRF cookie allowed side-channel attack against TLS BREACH %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Debian DLA-279-1 : python-tornado security update
A vulnerability was discovered in python-tornado, a Python scalable, non- blocking web server. CVE-2014-9720 CSRF cookie allows side-channel attack against TLS BREACH Security Fix The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages...
[SECURITY] [DLA 279-1] python-tornado security update
Package : python-tornado Version : 1.0.1-1+deb6u1 CVE ID : CVE-2014-9720 A vulnerability was discovered in python-tornado, a Python scalable, non- blocking web server. CVE-2014-9720 CSRF cookie allows side-channel attack against TLS BREACH Security Fix The XSRF token is now encoded with a random...
MGASA-2015-0251 Updated python-tornado package fixes security vulnerability
Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...
Updated python-tornado package fixes security vulnerability
Security fixes CVE-2014-9720 The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrfcookies and gzip options or have gzip applied by ...
Fedora Update for python-tornado FEDORA-2015-8606
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...