USN-6159-1: Tornado vulnerability
It was discovered that Tornado incorrectly handled certain redirect.
An remote attacker could possibly use this issue to redirect a user to an
arbitrary web site and conduct a phishing attack by having user access a
specially crafted URL.
Source: USN-6159-1: Tornado vulnerability