Count: 11

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.5.0 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy. | CVSS3: 7.5 | 0% Low | about 1 month ago |
CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.5.0 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy. | CVSS3: 7.5 | 0% Low | about 1 month ago |
CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.5.0 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy. | CVSS3: 7.5 | 0% Low | about 1 month ago |
CVE-2025-47287 Tornado is a Python web framework and asynchronous networking library. ... | CVSS3: 7.5 | 0% Low | about 1 month ago |
SUSE-SU-2025:01726-2 Security update for python-tornado |  | 0% Low | 13 days ago |
SUSE-SU-2025:01726-1 Security update for python-tornado |  | 0% Low | 22 days ago |
SUSE-SU-2025:01649-2 Security update for python-tornado6 |  | 0% Low | 27 days ago |
SUSE-SU-2025:01649-1 Security update for python-tornado6 |  | 0% Low | 28 days ago |
GHSA-7cx3-6m66-7c5m Tornado vulnerable to excessive logging caused by malformed multipart form data | CVSS3: 7.5 | 0% Low | about 1 month ago |
ELSA-2025-8136 ELSA-2025-8136: python-tornado security update (IMPORTANT) |  |  | 24 days ago |
ELSA-2025-8254 ELSA-2025-8254: pcs security update (IMPORTANT) |  |  | 22 days ago |