USN-7150-1: Tornado vulnerabilities

First published: Wed Dec 11 2024(Updated: )

It was discovered that Tornado incorrectly handled a certain redirect. A remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This issue was only addressed in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Ubuntu 16.04 LTS was previously addressed in USN-6159-1. (CVE-2023-28370) It was discovered that Tornado inefficiently handled requests when parsing cookies. An attacker could possibly use this issue to increase resource utilization leading to a denial of service. (CVE-2024-52804)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/title
• agent/references
• agent/severity
• agent/softwarecombine
• agent/type
• agent/last-modified-date
• agent/event
• agent/first-publish-date
• agent/tags
• collector/usn
• source/Ubuntu
• anchor-related/USN-6159-1
• agent/software-canonical-lookup
• agent/description
• agent/trending
• package-manager/ubuntu
• vendor/ubuntu
• canonical/ubuntu ubuntu
• version/ubuntu ubuntu/24.10
• version/ubuntu ubuntu/24.04
• version/ubuntu ubuntu/22.04
• version/ubuntu ubuntu/20.04
• version/ubuntu ubuntu/18.04