Total vulnerabilities in the database
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
| Software | From | Fixed in |
|---|---|---|
| tornadoweb / tornado | 1.1 | 1.1.x |
| tornadoweb / tornado | 2.1 | 2.1.x |
| tornadoweb / tornado | 2.0 | 2.0.x |
| tornadoweb / tornado | 1.0 | 1.0.x |
| tornadoweb / tornado | 1.2.1 | 1.2.1.x |
| tornadoweb / tornado | 1.1.1 | 1.1.1.x |
| tornadoweb / tornado | 1.0.1 | 1.0.1.x |
| tornadoweb / tornado | - | 2.2.x |
| tornadoweb / tornado | 1.2 | 1.2.x |
| tornadoweb / tornado | 2.1.1 | 2.1.1.x |