CVE-2023-28370: Medium severity tornado vulnerability
Published May 25, 2023
Last updated 11 December 2024
Other sources
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
Affected Software
3 affected components (fixes available)
pip/tornado <6.3.2, fixed in 6.3.2
debian/python-tornado <=6.1.0-1, fixed in 6.1.0-1+deb11u1, 6.2.0-3+deb12u1, 6.4.2-1
tornadoweb tornado <6.3.2
Event History
May 25, 2023
  CVE Published via MITRE, 12:00 AM
  Data Sourced via MITRE, 12:00 AM (Description, Weakness)
  Data Sourced via NVD, 10:15 AM (Description, Severity, Weakness, Affected Software)
  Advisory Published via GitHub, 12:30 PM
Dec 11, 2024
  Data Sourced via Launchpad, 03:13 PM (Description)
Dec 15, 2024
  Data Sourced via Ubuntu, 03:13 PM (Remedy, Description, Severity, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2023-28370?
CVE-2023-28370 has a medium severity rating due to its potential for phishing attacks through open redirection.
2. How do I fix CVE-2023-28370?
To fix CVE-2023-28370, upgrade to Tornado version 6.3.2 or later.
3. What versions are affected by CVE-2023-28370?
CVE-2023-28370 affects Tornado versions 6.3.1 and earlier.
4. Can CVE-2023-28370 be exploited remotely?
Yes, CVE-2023-28370 can be exploited by remote unauthenticated attackers.
5. What kind of attacks can CVE-2023-28370 facilitate?
CVE-2023-28370 can facilitate phishing attacks by redirecting users to malicious websites.