CBL Mariner 2.0 python-werkzeug Security Update: CVE-2023-2557
Reporter | Title | Published | Views | Family All 90 |
---|---|---|---|---|
OSV | High resource usage when parsing multipart form data with many fields | 15 Feb 202315:36 | – | osv |
OSV | Red Hat Bug Fix Advisory: OpenShift Container Platform 4.12.10 packages update | 13 Sep 202418:44 | – | osv |
OSV | Red Hat Bug Fix Advisory: OpenShift Container Platform 4.11.37 packages and security update | 13 Sep 202418:45 | – | osv |
OSV | python310-Werkzeug-2.2.3-1.1 on GA media | 15 Jun 202400:00 | – | osv |
OSV | Red Hat Security Advisory: Red Hat OpenStack Platform (python-werkzeug) security update | 13 Sep 202418:46 | – | osv |
OSV | PYSEC-2023-58 | 14 Feb 202320:15 | – | osv |
OSV | CVE-2023-25577 | 14 Feb 202320:15 | – | osv |
OSV | python-werkzeug - security update | 6 Aug 202300:00 | – | osv |
OSV | python-werkzeug vulnerabilities | 13 Mar 202315:08 | – | osv |
OSV | python-werkzeug - security update | 27 Feb 202300:00 | – | osv |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(172886);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/28");
script_cve_id("CVE-2023-25577");
script_name(english:"CBL Mariner 2.0 Security Update: python-werkzeug (CVE-2023-25577)");
script_set_attribute(attribute:"synopsis", value:
"The remote CBL Mariner host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of python-werkzeug installed on the remote CBL Mariner 2.0 host is prior to tested version. It is,
therefore, affected by a vulnerability as referenced in the CVE-2023-25577 advisory.
- Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart
form data parser will parse an unlimited number of parts, including file parts. Parts can be a small
amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request
can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or
`request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an
attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
The amount of CPU time required can block worker processes from handling legitimate requests. The amount
of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory
and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all
available workers. Version 2.2.3 contains a patch for this issue. (CVE-2023-25577)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2023-25577");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25577");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/14");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:python3-werkzeug");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:cbl-mariner");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MarinerOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CBLMariner/release", "Host/CBLMariner/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/CBLMariner/release');
if (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');
var os_ver = pregmatch(pattern: "CBL-Mariner ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');
os_ver = os_ver[1];
if (! preg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);
if (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);
var pkgs = [
{'reference':'python3-werkzeug-2.0.3-2.cm2', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-werkzeug-2.0.3-2.cm2', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-werkzeug');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo