1926768 – (CVE-2020-28476) CVE-2020-28476 python-tornado: Web Cache Poisoning by using a vector called parameter cloaking may lead to Integrity and Availability compromise

Bug 1926768 (CVE-2020-28476) - CVE-2020-28476 python-tornado: Web Cache Poisoning by using a vector called parameter cloaking may lead to Integrity and Availability compromise

Summary: CVE-2020-28476 python-tornado: Web Cache Poisoning by using a vector called p...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-28476
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1926769 1926770 1928196
Blocks:	1926772
TreeView+	depends on / blocked

Reported:	2021-02-09 12:31 UTC by Marian Rehak
Modified:	2021-06-07 15:07 UTC (History)
CC List:	17 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in python-tornado. All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This issue results in malicious requests cached as completely safe ones. The highest threat from this vulnerability is to integrity and system availability.
Clone Of:
Environment:
Last Closed:	2021-02-16 13:59:40 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2021-02-09 12:31:48 UTC

All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones.

Reference:

https://snyk.io/vuln/SNYK-PYTHON-TORNADO-1017109

Comment 1 Marian Rehak 2021-02-09 12:32:29 UTC

Created python-tornado tracking bugs for this issue:

Affects: epel-8 [bug 1926770]
Affects: fedora-all [bug 1926769]

Comment 2 Riccardo Schirone 2021-02-12 15:56:32 UTC

Created python3-tornado tracking bugs for this issue:

Affects: epel-all [bug 1928196]

Comment 3 Riccardo Schirone 2021-02-12 16:05:38 UTC

External References:

https://snyk.io/vuln/SNYK-PYTHON-TORNADO-1017109

Comment 4 Riccardo Schirone 2021-02-16 13:59:40 UTC

This CVE was rejected by upstream. See at CVE-2021-23336.

Note You need to log in before you can comment on or make changes to this bug.