High severity · NVD Advisory · Published May 23, 2012 · Updated Jun 16, 2026
CVE-2012-2374
Description
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tornado (PyPI) | < 2.2.1 | 2.2.1 |
Affected products
- cpe:2.3:a:tornadoweb:tornado:*:*:*:*:*:*:*:* (range: <=2.2)
- cpe:2.3:a:tornadoweb:tornado:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:tornadoweb:tornado:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tornadoweb:tornado:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tornadoweb:tornado:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tornadoweb:tornado:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:tornadoweb:tornado:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:tornadoweb:tornado:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tornadoweb:tornado:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:tornadoweb:tornado:2.1.1:*:*:*:*:*:*:*
References
- www.tornadoweb.org/documentation/releases/v2.2.1.html (nvd, Vendor Advisory, WEB)
- github.com/advisories/GHSA-f7fv-v9rh-prvc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-2374 (ghsa, ADVISORY)
- openwall.com/lists/oss-security/2012/05/18/12 (nvd, WEB)
- www.openwall.com/lists/oss-security/2012/05/18/6 (nvd, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/tornado/PYSEC-2012-5.yaml (ghsa, WEB)
- github.com/tornadoweb/tornado/commit/1ae91f6d58e6257e0ab49d295d8741ce1727bdb7 (ghsa, WEB)
- web.archive.org/web/20140720192646/http://secunia.com/advisories/49185 (ghsa, WEB)
- web.archive.org/web/20200229124524/http://www.securityfocus.com/bid/53612 (ghsa, WEB)
- secunia.com/advisories/49185 (nvd)
- www.securityfocus.com/bid/53612 (nvd)