Ubuntu Security Update USN-7950-1: Tornado vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,740
Reaction score
74
Credits
-1,257
It was discovered that Tornado incorrectly handled special characters in HTTP headers. An attacker could possibly use this issue to execute a cross- site scripting (XSS) attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-67724) It was discovered that Tornado incorrectly handled repeated HTTP headers. An attacker could possibly use this issue to cause Tornado to use excessive resources, causing a denial of service. (CVE-2025-67725) It was discovered that Tornado incorrectly handled parsing of certain HTTP header values. An attacker could possibly use this issue to cause Tornado to use excessive resources, causing a denial of service. (CVE-2025-67726)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-8198-2: Tornado vulnerabilities
Replies
0
Views
102
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8198-1: Tornado vulnerabilities
Replies
0
Views
93
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8154-1: Django vulnerabilities
Replies
0
Views
123
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8154-2: Django vulnerabilities
Replies
0
Views
162
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8182-1: Rack vulnerabilities
Replies
0
Views
216
LinuxBot
LinuxBot


Follow Linux.org

Staff online

Members online

Total: 4,391 (members: 5, guests: 4,386)

Latest posts

Top