4 matches found
Denial Of Service (DoS)
Tornado is vulnerable to a Denial Of Service DoS. The vulnerability is due to Tornado’s multipart/form-data parser continuing to process data after encountering errors, allows an attacker to generate excessive synchronous logging...
PT-2025-21576
Name of the Vulnerable Software and Affected Versions: Tornado versions prior to 6.5.0 Description: The issue allows remote attackers to generate a high volume of logs, constituting a denial-of-service DoS attack, by exploiting Tornado's multipart/form-data parser when it encounters certain error...
GHSA-QV64-W99C-QCR9 Jenkins temporary uploaded file created with insecure permissions
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, uploaded files processed via the Stapler web framework and the Jenkins API MultipartFormDataParser create temporary files in the system temporary directory with the default permissions for newly created files. If these permissions are overly...
Jenkins: Denial of Service attack
A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service...