CVE-2012-2374
CVE-2012-2374 is a Tornado CRLF injection vulnerability in the function tornado.web.RequestHandler.set_header, where input crafted by an attacker can inject arbitrary HTTP headers and enable HTTP response splitting. The issue affects Tornado versions prior to 2.2.1. The vulnerability enables an a...