exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 20

CVE-2025-47287

6 месяцев назад

Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.

CVSS3: 7.5

EPSS: Низкий

CVE-2025-47287

6 месяцев назад

CVSS3: 7.5

EPSS: Низкий

CVE-2025-47287

6 месяцев назад

CVSS3: 7.5

EPSS: Низкий

CVE-2025-47287

6 месяцев назад

Tornado is a Python web framework and asynchronous networking library. ...

CVSS3: 7.5

EPSS: Низкий

SUSE-SU-2025:01726-2

5 месяцев назад

Security update for python-tornado

EPSS: Низкий

SUSE-SU-2025:01726-1

5 месяцев назад

Security update for python-tornado

EPSS: Низкий

SUSE-SU-2025:01649-2

6 месяцев назад

Security update for python-tornado6

EPSS: Низкий

SUSE-SU-2025:01649-1

6 месяцев назад

Security update for python-tornado6

EPSS: Низкий

ROS-20250710-04

4 месяца назад

Уязвимость python3-tornado

CVSS3: 7.5

EPSS: Низкий

RLSA-2025:8135

около 1 месяца назад

Important: python-tornado security update

EPSS: Низкий

GHSA-7cx3-6m66-7c5m

6 месяцев назад

Tornado vulnerable to excessive logging caused by malformed multipart form data

CVSS3: 7.5

EPSS: Низкий

ELSA-2025-8664

4 месяца назад

ELSA-2025-8664: python-tornado security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-8136

5 месяцев назад

ELSA-2025-8136: python-tornado security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-8135

4 месяца назад

ELSA-2025-8135: python-tornado security update (IMPORTANT)

EPSS: Низкий

BDU:2025-08361

6 месяцев назад

Уязвимость компонента multipart/form-data веб-фреймворка и асинхронной сетевой библиотеки Tornado, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 7.5

EPSS: Низкий

ELSA-2025-8254

5 месяцев назад

ELSA-2025-8254: pcs security update (IMPORTANT)

EPSS: Низкий

SUSE-SU-2025:02534-1

3 месяца назад

Security update for salt

EPSS: Низкий

SUSE-SU-2025:02502-1

3 месяца назад

Security update for salt

EPSS: Низкий

SUSE-SU-2025:02501-1

3 месяца назад

Security update for salt

EPSS: Низкий

SUSE-SU-2025:02500-1

3 месяца назад

Security update for salt

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.	CVSS3: 7.5	0% Низкий	6 месяцев назад
CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.	CVSS3: 7.5	0% Низкий	6 месяцев назад
CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.	CVSS3: 7.5	0% Низкий	6 месяцев назад
CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. ...	CVSS3: 7.5	0% Низкий	6 месяцев назад
SUSE-SU-2025:01726-2 Security update for python-tornado		0% Низкий	5 месяцев назад
SUSE-SU-2025:01726-1 Security update for python-tornado		0% Низкий	5 месяцев назад
SUSE-SU-2025:01649-2 Security update for python-tornado6		0% Низкий	6 месяцев назад
SUSE-SU-2025:01649-1 Security update for python-tornado6		0% Низкий	6 месяцев назад
ROS-20250710-04 Уязвимость python3-tornado	CVSS3: 7.5	0% Низкий	4 месяца назад
RLSA-2025:8135 Important: python-tornado security update		0% Низкий	около 1 месяца назад
GHSA-7cx3-6m66-7c5m Tornado vulnerable to excessive logging caused by malformed multipart form data	CVSS3: 7.5	0% Низкий	6 месяцев назад
ELSA-2025-8664 ELSA-2025-8664: python-tornado security update (IMPORTANT)			4 месяца назад
ELSA-2025-8136 ELSA-2025-8136: python-tornado security update (IMPORTANT)			5 месяцев назад
ELSA-2025-8135 ELSA-2025-8135: python-tornado security update (IMPORTANT)			4 месяца назад
BDU:2025-08361 Уязвимость компонента multipart/form-data веб-фреймворка и асинхронной сетевой библиотеки Tornado, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 7.5	0% Низкий	6 месяцев назад
ELSA-2025-8254 ELSA-2025-8254: pcs security update (IMPORTANT)			5 месяцев назад
SUSE-SU-2025:02534-1 Security update for salt			3 месяца назад
SUSE-SU-2025:02502-1 Security update for salt			3 месяца назад
SUSE-SU-2025:02501-1 Security update for salt			3 месяца назад
SUSE-SU-2025:02500-1 Security update for salt			3 месяца назад

Уязвимостей на страницу