Lucene search
GitHub_MCVELIST:CVE-2023-23934HistoryFeb 14, 2023 - 7:56 p.m.
CVE-2023-23934 Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass
2023-02-1419:56:22
CWE-20
GitHub_M
raw.githubusercontent.com
Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie =__Host-test=bad as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
Related
nessus
nessus
Amazon Linux 2023 : python3-werkzeug (ALAS2023-2023-149)
2023-04-04 00:00:00
Debian DLA-3346-1 : python-werkzeug - LTS security update
2023-02-27 00:00:00
RHEL 9 : Red Hat OpenStack Platform 17.0 (python-werkzeug) (RHSA-2023:1018)
2024-04-28 00:00:00
veracode
veracode
Authorization Bypass
2023-02-16 07:44:36
redhatcve
redhatcve
CVE-2023-23934
2023-02-16 00:29:39
cbl_mariner
cbl_mariner
cve
cve
CVE-2023-23934
2023-02-14 20:15:17
github
github
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
2023-02-15 15:37:03
Private vulnerability reporting now generally available
2023-04-19 16:00:41
osv
osv
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
2023-02-15 15:37:03
CVE-2023-23934
2023-02-14 20:15:17
PYSEC-2023-57
2023-02-14 20:15:00
prion
prion
Design/Logic Flaw
2023-02-14 20:15:00
ubuntucve
ubuntucve
CVE-2023-23934
2023-02-14 00:00:00
debiancve
debiancve
CVE-2023-23934
2023-02-14 20:15:17
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Pallets Werkzeug ( CVE-2023-23934)
2023-06-28 20:45:44
redos
redos
ROS-20230428-03
2023-04-28 00:00:00
ubuntu
ubuntu
Werkzeug vulnerabilities
2023-06-20 00:00:00
Werkzeug vulnerabilities
2023-03-13 00:00:00
oraclelinux
oraclelinux
python-werkzeug security update
2023-08-06 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python-werkzeug (EulerOS-SA-2023-2167)
2023-06-09 00:00:00
Fedora: Security Advisory for mingw-python-werkzeug (FEDORA-2023-af75e27098)
2023-03-17 00:00:00
Ubuntu: Security Advisory (USN-5948-1)
2023-03-14 00:00:00
debian
debian
[SECURITY] [DLA 3346-1] python-werkzeug security update
2023-02-27 18:21:56
[SECURITY] [DSA 5470-1] python-werkzeug security update
2023-08-06 12:39:03
fedora
fedora
[SECURITY] Fedora 37 Update: mingw-python-werkzeug-2.2.3-1.fc37
2023-03-16 18:33:59
[SECURITY] Fedora 38 Update: mingw-python-werkzeug-2.2.3-1.fc38
2023-03-11 04:07:29
redhat
redhat
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00