Description
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2018-15756 Vulnerability (CVE-2018-15756)
MySQL CVE-2018-3161 Vulnerability (CVE-2018-3161)
WordPress Plugin MM Forms Community 'doajaxfileupload.php' Arbitrary File Upload (2.2.6)
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7)
WordPress Plugin Comment Rating Cross-Site Request Forgery (2.9.20)