11 matches found
MGASA-2026-0092 Updated python-tornado packages fix security vulnerabilities
Tornado vulnerable to Header Injection and XSS via reason argument. CVE-2025-67724 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing. CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters. CVE-2025-67726...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
tornado: Tornado Quadratic DoS via Repeated Header Coalescing
A denial of service flaw has been discovered in the Tornado networking library. In Tornado, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the...
AlmaLinux 8 : pcs (ALSA-2026:0930)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0930 advisory. tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-6772...
RLSA-2026:0930 Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-67726 For more details about...
ALSA-2026:0930 Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-67726 For more details about...
Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-67726 For more details about...
CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
CVE-2025-67725
Tornado (Python) vulnerable in versions
CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...