{"id":"CVE-2012-2374","details":"CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.","aliases":["GHSA-f7fv-v9rh-prvc","PYSEC-2012-5"],"modified":"2026-04-10T03:42:19.498273Z","published":"2012-05-23T20:55:01Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/49185"},{"type":"ADVISORY","url":"http://www.tornadoweb.org/documentation/releases/v2.2.1.html"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2012/05/18/12"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/05/18/6"},{"type":"WEB","url":"http://www.securityfocus.com/bid/53612"}],"schema_version":"1.7.5"}