Tornado vulnerability

2023-06-1300:00:00

ubuntu.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

37.3%

JSON

Releases

Ubuntu 23.04
Ubuntu 16.04 ESM

Packages

python-tornado - scalable, non-blocking web server and tools - documentation

Details

It was discovered that Tornado incorrectly handled certain redirect.
An remote attacker could possibly use this issue to redirect a user to an
arbitrary web site and conduct a phishing attack by having user access a
specially crafted URL.

OSVersionArchitecturePackageVersionFilename
Ubuntu23.04noarchpython3-tornado< 6.2.0-3ubuntu0.1UNKNOWN
Ubuntu23.04noarchpython-tornado-doc< 6.2.0-3ubuntu0.1UNKNOWN
Ubuntu23.04noarchpython3-tornado-dbgsym< 6.2.0-3ubuntu0.1UNKNOWN
Ubuntu16.04noarchpython-tornado< 4.2.1-1ubuntu3.1+esm1UNKNOWN
Ubuntu16.04noarchpython-tornado< 4.2.1-1ubuntu3.1UNKNOWN
Ubuntu16.04noarchpython3-tornado< 4.2.1-1ubuntu3.1UNKNOWN
Ubuntu16.04noarchpython3-tornado< 4.2.1-1ubuntu3.1+esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	23.04	noarch	python3-tornado	< 6.2.0-3ubuntu0.1	UNKNOWN
Ubuntu	23.04	noarch	python-tornado-doc	< 6.2.0-3ubuntu0.1	UNKNOWN
Ubuntu	23.04	noarch	python3-tornado-dbgsym	< 6.2.0-3ubuntu0.1	UNKNOWN
Ubuntu	16.04	noarch	python-tornado	< 4.2.1-1ubuntu3.1+esm1	UNKNOWN
Ubuntu	16.04	noarch	python-tornado	< 4.2.1-1ubuntu3.1	UNKNOWN
Ubuntu	16.04	noarch	python3-tornado	< 4.2.1-1ubuntu3.1	UNKNOWN
Ubuntu	16.04	noarch	python3-tornado	< 4.2.1-1ubuntu3.1+esm1	UNKNOWN