5 matches found
[SECURITY] [DLA 4520-1] python-tornado security update
Debian LTS Advisory DLA-4520-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert April 01, 2026 https://wiki.debian.org/LTS Package : python-tornado Version : 6.1.0-1+deb11u4 CVE ID : CVE-2026-31958 Debian Bug : 1130507 1132367 Tornado is a scalable, non-blocking...
GHSA-QJXF-F2MG-C6MC Tornado is vulnerable to DoS due to too many multipart parts
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. Fixed expand checks for webAppMoun...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2025-46701: Refactored CGI servlet to access resources via WebResources bsc1243815. CVE-2025-48988: Limited the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. CVE-2025-4912...