Python Library Tornado < 6.5.6 Multiple Vulnerabilities
The version of the Tornado Python library installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities: - When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements max_redirects, and removes...
Oracle Linux 9 : python-tornado (ELSA-2026-13670)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-13670 advisory. 6.5.5-1.1 - Update to 6.5.5 Resolves: RHEL-160941 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: pcs (UTSA-2026-006185)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006185 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but...
SUSE CVE-2025-67726
Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The _parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...
OPENSUSE-SU-2025:15838-1 python311-tornado6-6.5.4-1.1 on GA media
These are all security issues fixed in the python311-tornado6-6.5.4-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...