Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2023-125.NASL
HistoryMar 21, 2023 - 12:00 a.m.

Amazon Linux 2023 : python3-werkzeug (ALAS2023-2023-125)

2023-03-2100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-125 advisory.

  • Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug’s multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form, request.files, or request.get_data(parse_form_data=False), it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
    The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue. (CVE-2023-25577)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-125.
##

include('compat.inc');

if (description)
{
  script_id(173182);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/21");

  script_cve_id("CVE-2023-25577");

  script_name(english:"Amazon Linux 2023 : python3-werkzeug (ALAS2023-2023-125)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-125 advisory.

  - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart
    form data parser will parse an unlimited number of parts, including file parts. Parts can be a small
    amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request
    can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or
    `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an
    attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
    The amount of CPU time required can block worker processes from handling legitimate requests. The amount
    of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory
    and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all
    available workers. Version 2.2.3 contains a patch for this issue. (CVE-2023-25577)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2023-125.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-25577.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'dnf update python-werkzeug --releasever=2023.0.20230308' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25577");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-werkzeug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-werkzeug-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'python3-werkzeug-1.0.1-5.amzn2023.0.3', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python3-werkzeug-doc-1.0.1-5.amzn2023.0.3', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3-werkzeug / python3-werkzeug-doc");
}
VendorProductVersionCPE
amazonlinuxpython3-werkzeugp-cpe:/a:amazon:linux:python3-werkzeug
amazonlinuxpython3-werkzeug-docp-cpe:/a:amazon:linux:python3-werkzeug-doc
amazonlinux2023cpe:/o:amazon:linux:2023

Related

cbl_mariner 1
osv 6
openvas 9
prion 1
nessus 18
debiancve 1
redhatcve 1
ubuntucve 1
cve 1
redhat 8
ibm 20
cvelist 1
veracode 1
github 1
oraclelinux 1
redos 1
ubuntu 2
debian 2
fedora 2
oracle 1
cbl_mariner
cbl_mariner
CVE-2023-25577 affecting package python-werkzeug for versions less than 2.0.3-2
2023-03-09 00:25:04
osv
osv
High resource usage when parsing multipart form data with many fields
2023-02-15 15:36:26
PYSEC-2023-58
2023-02-14 20:15:00
CVE-2023-25577
2023-02-14 20:15:17
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1664-1)
2023-03-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1693-1)
2023-03-31 00:00:00
Huawei EulerOS: Security Advisory for python-werkzeug (EulerOS-SA-2023-2167)
2023-06-09 00:00:00
prion
prion
Design/Logic Flaw
2023-02-14 20:15:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1693-1)
2023-03-31 00:00:00
RHEL 7 / 8 : Red Hat OpenStack Platform (python-werkzeug) (RHSA-2023:1281)
2024-04-28 00:00:00
SUSE SLES12 Security Update : python-Werkzeug (SUSE-SU-2023:1775-1)
2023-04-06 00:00:00
debiancve
debiancve
CVE-2023-25577
2023-02-14 20:15:17
redhatcve
redhatcve
CVE-2023-25577
2023-02-16 00:29:48
ubuntucve
ubuntucve
CVE-2023-25577
2023-02-14 00:00:00
cve
cve
CVE-2023-25577
2023-02-14 20:15:17
redhat
redhat
(RHSA-2023:1281) Important: Red Hat OpenStack Platform (python-werkzeug) security update
2023-03-15 19:44:49
(RHSA-2023:1018) Important: Red Hat OpenStack Platform 17.0 (python-werkzeug) security update
2023-02-28 15:40:53
(RHSA-2023:7341) Important: Red Hat Quay security update
2023-11-30 13:30:08
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug (CVE-2023-25577)
2023-06-28 19:57:28
Security Bulletin: IBM Watson Assistant for Cloud pak for Data is affected by vulnerabilities in Pallets Werkzeug .
2023-03-15 21:25:40
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Pallets Werkzeug
2023-05-02 21:56:46
cvelist
cvelist
CVE-2023-25577 Werkzeug may allow high resource usage when parsing multipart form data with many fields
2023-02-14 19:56:26
veracode
veracode
Denial Of Service (DoS)
2023-02-16 08:55:19
github
github
High resource usage when parsing multipart form data with many fields
2023-02-15 15:36:26
oraclelinux
oraclelinux
python-werkzeug security update
2023-08-06 00:00:00
redos
redos
ROS-20230428-03
2023-04-28 00:00:00
ubuntu
ubuntu
Werkzeug vulnerabilities
2023-06-20 00:00:00
Werkzeug vulnerabilities
2023-03-13 00:00:00
debian
debian
[SECURITY] [DLA 3346-1] python-werkzeug security update
2023-02-27 18:21:56
[SECURITY] [DSA 5470-1] python-werkzeug security update
2023-08-06 12:39:03
fedora
fedora
[SECURITY] Fedora 37 Update: mingw-python-werkzeug-2.2.3-1.fc37
2023-03-16 18:33:59
[SECURITY] Fedora 38 Update: mingw-python-werkzeug-2.2.3-1.fc38
2023-03-11 04:07:29
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
JSON
Related for AL2023_ALAS2023-2023-125.NASL
cbl_mariner1osv6openvas9prion1nessus18debiancve1redhatcve1ubuntucve1cve1redhat8ibm20cvelist1veracode1github1oraclelinux1redos1ubuntu2debian2fedora2oracle1