Количество 19
Количество 19
CVE-2025-47287
Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.
CVE-2025-47287
Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.
CVE-2025-47287
Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.
CVE-2025-47287
Tornado is a Python web framework and asynchronous networking library. ...
SUSE-SU-2025:01726-2
Security update for python-tornado
SUSE-SU-2025:01726-1
Security update for python-tornado
SUSE-SU-2025:01649-2
Security update for python-tornado6
SUSE-SU-2025:01649-1
Security update for python-tornado6
ROS-20250710-04
Уязвимость python3-tornado
GHSA-7cx3-6m66-7c5m
Tornado vulnerable to excessive logging caused by malformed multipart form data
ELSA-2025-8664
ELSA-2025-8664: python-tornado security update (IMPORTANT)
ELSA-2025-8136
ELSA-2025-8136: python-tornado security update (IMPORTANT)
ELSA-2025-8135
ELSA-2025-8135: python-tornado security update (IMPORTANT)
BDU:2025-08361
Уязвимость компонента multipart/form-data веб-фреймворка и асинхронной сетевой библиотеки Tornado, позволяющая нарушителю вызвать отказ в обслуживании
ELSA-2025-8254
ELSA-2025-8254: pcs security update (IMPORTANT)
SUSE-SU-2025:02534-1
Security update for salt
SUSE-SU-2025:02502-1
Security update for salt
SUSE-SU-2025:02501-1
Security update for salt
SUSE-SU-2025:02500-1
Security update for salt
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy. | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy. | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy. | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
| CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. ... | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | SUSE-SU-2025:01726-2 Security update for python-tornado | 0% Низкий | 2 месяца назад | |
| SUSE-SU-2025:01726-1 Security update for python-tornado | 0% Низкий | 2 месяца назад | |
| SUSE-SU-2025:01649-2 Security update for python-tornado6 | 0% Низкий | 2 месяца назад | |
| SUSE-SU-2025:01649-1 Security update for python-tornado6 | 0% Низкий | 3 месяца назад | |
 | ROS-20250710-04 Уязвимость python3-tornado | CVSS3: 7.5 | 0% Низкий | 27 дней назад |
| GHSA-7cx3-6m66-7c5m Tornado vulnerable to excessive logging caused by malformed multipart form data | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
| ELSA-2025-8664 ELSA-2025-8664: python-tornado security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2025-8136 ELSA-2025-8136: python-tornado security update (IMPORTANT) | 2 месяца назад | ||
| ELSA-2025-8135 ELSA-2025-8135: python-tornado security update (IMPORTANT) | около 1 месяца назад | ||
 | BDU:2025-08361 Уязвимость компонента multipart/form-data веб-фреймворка и асинхронной сетевой библиотеки Tornado, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
| ELSA-2025-8254 ELSA-2025-8254: pcs security update (IMPORTANT) | 2 месяца назад | ||
| SUSE-SU-2025:02534-1 Security update for salt | 9 дней назад | ||
| SUSE-SU-2025:02502-1 Security update for salt | 14 дней назад | ||
| SUSE-SU-2025:02501-1 Security update for salt | 14 дней назад | ||
| SUSE-SU-2025:02500-1 Security update for salt | 14 дней назад |
Уязвимостей на страницу