Vulnerability Name:

CVE-2014-9720 (CCN-103527)

Assigned:2015-05-19
Published:2015-05-19
Updated:2020-01-28
Summary:Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): Required
Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
Vulnerability Type:CWE-203
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2014-9720

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
http://openwall.com/lists/oss-security/2015/05/19/4

Source: CCN
Type: oss-security Mailing List, Tue, 19 May 2015 11:01:48 +0200
CVE request: python-tornado: XSRF cookie allows side-channel attack against TLS (BREACH)

Source: MISC
Type: Release Notes, Vendor Advisory
http://www.tornadoweb.org/en/stable/releases/v3.2.2.html

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.novell.com/show_bug.cgi?id=930362

Source: CCN
Type: Red Hat Bugzilla – Bug 1222816
python-tornado: XSRF cookie allows side-channel attack against TLS (BREACH)

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1222816

Source: XF
Type: UNKNOWN
python-tornado-cve20149720-breach(103527)

Source: CCN
Type: tornado GIT Repository
Change the xsrf cookie format to be masked with a random salt

Source: MISC
Type: Patch
https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-9720

Vulnerable Configuration:Configuration 1:
  • cpe:/a:tornadoweb:tornado:*:*:*:*:*:*:*:* (Version < 3.2.2)

  • * Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20149720 | V | CVE-2014-9720 | 2022-05-20
oval:org.opensuse.security:def:47130 | P | powerpc-utils-1.3.2-17.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47193 | P | zoo-2.10-1020.56 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47987 | P | cyrus-sasl-2.1.26-8.7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47192 | P | yast2-users-3.1.57-16.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47996 | P | dracut-044.2-15.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47224 | P | coreutils-8.25-12.8 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47256 | P | freeradius-server-3.0.14-1.8 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48050 | P | java-11-openjdk-11.0.4.0-1.26 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:46983 | P | libHX28-3.18-1.18 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47295 | P | java-1_7_1-ibm-1.7.1_sr4.5-37.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47287 | P | hplip-3.16.11-1.33 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47067 | P | libpulse-mainloop-glib0-32bit-5.0-2.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47046 | P | liblzo2-2-2.08-1.13 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47129 | P | pigz-2.3-5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47933 | P | yubikey-manager-0.6.0-1.27 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47358 | P | libipa_hbac0-1.13.4-33.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:55922 | P | Security update for libgcrypt (Important) | 2021-06-24
oval:org.opensuse.security:def:46594 | P | xalan-j2-2.7.0-264.133 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11508 | P | cpio-2.11-29.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11642 | P | libraptor2-0-2.0.10-3.67 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11683 | P | pam-1.1.8-14.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11839 | P | java-1_7_0-openjdk-plugin-1.6.1-2.3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11637 | P | libproxy1-0.4.11-11.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12344 | P | rsyslog-8.24.0-1.20 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11385 | P | libpango-1_0-0-1.36.3-4.14 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11928 | P | libpoppler44-0.24.4-12.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46769 | P | libsmi-0.4.8-18.63 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46685 | P | java-1_7_1-ibm-1.7.1_sr3.10-14.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11523 | P | e2fsprogs-1.42.11-7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11730 | P | tftp-5.2-10.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11864 | P | libXt6-1.1.4-3.59 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11684 | P | pam-modules-12.1-23.12 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12366 | P | update-alternatives-1.18.4-14.216 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12566 | P | libkde4-32bit-4.12.0-10.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11607 | P | libgssglue1-0.4-3.83 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46399 | P | cups-filters-1.0.58-2.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46832 | P | qemu-2.3.1-5.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11542 | P | gimp-2.8.10-1.164 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11393 | P | libpython2_7-1_0-2.7.7-2.36 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11745 | P | xinetd-2.3.15-7.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11693 | P | perl-Tk-804.031-3.82 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11906 | P | liblua5_2-5.2.2-4.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12588 | P | libnghttp2-14-1.7.1-1.84 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46531 | P | libzip2-0.11.1-4.56 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46462 | P | libXrandr2-1.4.2-3.55 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11461 | P | strongswan-5.1.3-4.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11617 | P | libltdl7-2.4.2-14.60 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11415 | P | libxerces-c-3_1-3.1.1-1.6 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11764 | P | avahi-0.6.32-30.36 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11615 | P | libjson-c2-0.11-2.22 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11706 | P | python-pywbem-0.7.0-4.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11915 | P | libndp0-1.6-2.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:46622 | P | bash-4.2-75.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:55848 | P | Security update for screen (Important) | 2021-02-17
oval:org.opensuse.security:def:46074 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:25847 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:24442 | P | Security update for axis (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54350 | P | pcsc-ccid on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54491 | P | gvim on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24798 | P | Security update for tcpdump (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24389 | P | Security update for java-1_8_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:24778 | P | Security update for libvirt (Important) | 2020-12-01
oval:org.opensuse.security:def:46136 | P | Security update for gcc9 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53400 | P | Security update for tomcat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54065 | P | libsnmp30-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53449 | P | Security update for nodejs10 (Critical) | 2020-12-01
oval:org.opensuse.security:def:54179 | P | dbus-1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:46207 | P | Security update for binutils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25102 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:46087 | P | Security update for squid (Critical) | 2020-12-01
oval:org.opensuse.security:def:25151 | P | Security update for file-roller (Low) | 2020-12-01
oval:org.opensuse.security:def:25882 | P | Security update for python-tornado (Moderate) | 2020-12-01
oval:org.opensuse.security:def:46137 | P | Security update for sudo (Important) | 2020-12-01
oval:org.opensuse.security:def:54157 | P | autofs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55626 | P | Security update for flash-player (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52826 | P | Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:54572 | P | libmodplug1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24578 | P | Security update for LibVNCServer (Critical) | 2020-12-01
oval:org.opensuse.security:def:24948 | P | Security update for sssd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24515 | P | Security update for curl (Important) | 2020-12-01
oval:org.opensuse.security:def:24861 | P | Security update for python, python-base (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24452 | P | Security update for libcroco (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53506 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:52827 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:53622 | P | Security update for dovecot23 (Important) | 2020-12-01
oval:org.opensuse.security:def:54287 | P | libmusicbrainz4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25146 | P | Security update for man (Moderate) | 2020-12-01
oval:org.opensuse.security:def:46270 | P | Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3) (Important) | 2020-12-01
oval:org.opensuse.security:def:25165 | P | Security update for squid (Important) | 2020-12-01
oval:org.opensuse.security:def:46150 | P | Security update for postgresql96 (Low) | 2020-12-01
oval:org.opensuse.security:def:54231 | P | lcms on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55700 | P | Security update for python-tornado (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54379 | P | sblim-sfcb on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53048 | P | Security update for libjpeg-turbo (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24659 | P | Security update for file-roller (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25001 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:24641 | P | Security update for webkit2gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:25011 | P | Security update for apache2 (Important) | 2020-12-01
oval:org.opensuse.security:def:52989 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:53672 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:52849 | P | Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:53728 | P | Security update for python-pip (Important) | 2020-12-01
oval:org.opensuse.security:def:53049 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25784 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:24379 | P | Security update for openssl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25209 | P | Security update for mutt (Important) | 2020-12-01
oval:org.opensuse.security:def:54269 | P | libgssglue1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54453 | P | dnsmasq on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:24715 | P | Security update for xerces-c (Moderate) | 2020-12-01
oval:org.opensuse.security:def:46073 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:24722 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25064 | P | Security update for qemu (Important) | 2020-12-01
oval:org.opensuse.security:def:53227 | P | Security update for rmt-server (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53957 | P | expat on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53211 | P | Security update for postgresql10 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53894 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:53071 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25088 | P | Security update for libssh (Important) | 2020-12-01
oval:org.opensuse.security:def:25819 | P | Security update for python-tornado (Moderate) | 2020-12-01
oval:com.ubuntu.bionic:def:201497200000000 | V | CVE-2014-9720 on Ubuntu 18.04 LTS (bionic) - low. | 2020-01-24
oval:com.ubuntu.xenial:def:201497200000000 | V | CVE-2014-9720 on Ubuntu 16.04 LTS (xenial) - low. | 2020-01-24
oval:org.opensuse.security:def:78334 | P | Security update for python-tornado (Moderate) | 2016-05-02
oval:org.opensuse.security:def:78556 | P | Security update for python-tornado (Moderate) | 2016-05-02
oval:com.ubuntu.cosmic:def:201497200000000 | V | CVE-2014-9720 on Ubuntu 18.10 (cosmic) - low. | 2015-05-20
oval:com.ubuntu.artful:def:20149720000 | V | CVE-2014-9720 on Ubuntu 17.10 (artful) - low. | 2015-05-20
oval:com.ubuntu.trusty:def:20149720000 | V | CVE-2014-9720 on Ubuntu 14.04 LTS (trusty) - low. | 2015-05-20
oval:com.ubuntu.bionic:def:20149720000 | V | CVE-2014-9720 on Ubuntu 18.04 LTS (bionic) - low. | 2015-05-20
oval:com.ubuntu.xenial:def:20149720000 | V | CVE-2014-9720 on Ubuntu 16.04 LTS (xenial) - low. | 2015-05-20
oval:com.ubuntu.cosmic:def:20149720000 | V | CVE-2014-9720 on Ubuntu 18.10 (cosmic) - low. | 2015-05-20
oval:com.ubuntu.disco:def:201497200000000 | V | CVE-2014-9720 on Ubuntu 19.04 (disco) - low. | 2015-05-20
oval:com.ubuntu.precise:def:20149720000 | V | CVE-2014-9720 on Ubuntu 12.04 LTS (precise) - low. | 2015-05-20