Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2023-1281.NASLHistoryApr 28, 2024 - 12:00 a.m.
RHEL 7 / 8 : Red Hat OpenStack Platform (python-werkzeug) (RHSA-2023:1281)
2024-04-2800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
red hat openstack platform
python-werkzeug
vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.002
Percentile
59.1%
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1281 advisory.
Werkzeug started as simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility modules. It includes a powerful debugger, full featured request and response objects, HTTP utilities to handle entity tags, cache control headers, HTTP dates, cookie handling, file uploads, a powerful URL routing system and a bunch of community contributed addon modules. Werkzeug is unicode aware and doesn't enforce a specific template engine, database adapter or anything else. It doesn't even enforce a specific way of handling requests and leaves all that up to the developer. It's most useful for end user applications which should work on as many server environments as possible (such as blogs, wikis, bulletin boards, etc.).
Security Fix(es):
* high resource usage when parsing multipart form data with many fields (CVE-2023-25577)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2023:1281. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(194237);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");
script_cve_id("CVE-2023-25577");
script_xref(name:"RHSA", value:"2023:1281");
script_name(english:"RHEL 7 / 8 : Red Hat OpenStack Platform (python-werkzeug) (RHSA-2023:1281)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update for Red Hat OpenStack Platform (python-werkzeug).");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced
in the RHSA-2023:1281 advisory.
Werkzeug started as simple collection of various
utilities for WSGI applications and has become one of the most advanced
WSGI utility modules. It includes a powerful debugger, full featured
request and response objects, HTTP utilities to handle entity tags, cache
control headers, HTTP dates, cookie handling, file uploads, a powerful URL
routing system and a bunch of community contributed addon modules. Werkzeug
is unicode aware and doesn't enforce a specific template engine, database
adapter or anything else. It doesn't even enforce a specific way of
handling requests and leaves all that up to the developer. It's most useful
for end user applications which should work on as many server environments
as possible (such as blogs, wikis, bulletin boards, etc.).
Security Fix(es):
* high resource usage when parsing multipart form data with many fields
(CVE-2023-25577)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2170242");
# https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_1281.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?25941c6a");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:1281");
script_set_attribute(attribute:"solution", value:
"Update the RHEL Red Hat OpenStack Platform (python-werkzeug) package based on the guidance in RHSA-2023:1281.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25577");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(770);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/14");
script_set_attribute(attribute:"patch_publication_date", value:"2023/03/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-werkzeug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python2-werkzeug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python2-werkzeug-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-werkzeug");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/layered/rhel8/ppc64le/openstack-cinderlib/16.1/debug',
'content/dist/layered/rhel8/ppc64le/openstack-cinderlib/16.1/os',
'content/dist/layered/rhel8/ppc64le/openstack-cinderlib/16.1/source/SRPMS',
'content/dist/layered/rhel8/ppc64le/openstack-cinderlib/16.2/debug',
'content/dist/layered/rhel8/ppc64le/openstack-cinderlib/16.2/os',
'content/dist/layered/rhel8/ppc64le/openstack-cinderlib/16.2/source/SRPMS',
'content/dist/layered/rhel8/ppc64le/openstack-deployment-tools/16.1/debug',
'content/dist/layered/rhel8/ppc64le/openstack-deployment-tools/16.1/os',
'content/dist/layered/rhel8/ppc64le/openstack-deployment-tools/16.1/source/SRPMS',
'content/dist/layered/rhel8/ppc64le/openstack-deployment-tools/16.2/debug',
'content/dist/layered/rhel8/ppc64le/openstack-deployment-tools/16.2/os',
'content/dist/layered/rhel8/ppc64le/openstack-deployment-tools/16.2/source/SRPMS',
'content/dist/layered/rhel8/ppc64le/openstack/16.1/debug',
'content/dist/layered/rhel8/ppc64le/openstack/16.1/os',
'content/dist/layered/rhel8/ppc64le/openstack/16.1/source/SRPMS',
'content/dist/layered/rhel8/ppc64le/openstack/16.2/debug',
'content/dist/layered/rhel8/ppc64le/openstack/16.2/os',
'content/dist/layered/rhel8/ppc64le/openstack/16.2/source/SRPMS',
'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.1/debug',
'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.1/os',
'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.1/source/SRPMS',
'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.2/debug',
'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.2/os',
'content/dist/layered/rhel8/x86_64/openstack-cinderlib/16.2/source/SRPMS',
'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.1/debug',
'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.1/os',
'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.1/source/SRPMS',
'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.2/debug',
'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.2/os',
'content/dist/layered/rhel8/x86_64/openstack-deployment-tools/16.2/source/SRPMS',
'content/dist/layered/rhel8/x86_64/openstack-tools/16/debug',
'content/dist/layered/rhel8/x86_64/openstack-tools/16/os',
'content/dist/layered/rhel8/x86_64/openstack-tools/16/source/SRPMS',
'content/dist/layered/rhel8/x86_64/openstack/16.1/debug',
'content/dist/layered/rhel8/x86_64/openstack/16.1/os',
'content/dist/layered/rhel8/x86_64/openstack/16.1/source/SRPMS',
'content/dist/layered/rhel8/x86_64/openstack/16.2/debug',
'content/dist/layered/rhel8/x86_64/openstack/16.2/os',
'content/dist/layered/rhel8/x86_64/openstack/16.2/source/SRPMS'
],
'pkgs': [
{'reference':'python3-werkzeug-0.14.1-12.el8ost', 'release':'8', 'el_string':'el8ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'}
]
},
{
'repo_relative_urls': [
'content/dist/rhel/client/7/7Client/x86_64/openstack-tools/13/debug',
'content/dist/rhel/client/7/7Client/x86_64/openstack-tools/13/os',
'content/dist/rhel/client/7/7Client/x86_64/openstack-tools/13/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/openstack-deployment-tools/13/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/openstack-deployment-tools/13/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/openstack-deployment-tools/13/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/openstack-devtools/13/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/openstack-devtools/13/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/openstack-devtools/13/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/openstack/13/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/openstack/13/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/openstack/13/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/openstack-deployment-tools/13/debug',
'content/dist/rhel/server/7/7Server/x86_64/openstack-deployment-tools/13/os',
'content/dist/rhel/server/7/7Server/x86_64/openstack-deployment-tools/13/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/openstack-devtools/13/debug',
'content/dist/rhel/server/7/7Server/x86_64/openstack-devtools/13/os',
'content/dist/rhel/server/7/7Server/x86_64/openstack-devtools/13/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/openstack-octavia/13/debug',
'content/dist/rhel/server/7/7Server/x86_64/openstack-octavia/13/os',
'content/dist/rhel/server/7/7Server/x86_64/openstack-octavia/13/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/openstack-tools/13/debug',
'content/dist/rhel/server/7/7Server/x86_64/openstack-tools/13/os',
'content/dist/rhel/server/7/7Server/x86_64/openstack-tools/13/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/openstack/13/debug',
'content/dist/rhel/server/7/7Server/x86_64/openstack/13/os',
'content/dist/rhel/server/7/7Server/x86_64/openstack/13/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/openstack-tools/13/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/openstack-tools/13/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/openstack-tools/13/source/SRPMS',
'content/els/rhel/client/7/7Client/x86_64/openstack-tools/13/debug',
'content/els/rhel/client/7/7Client/x86_64/openstack-tools/13/os',
'content/els/rhel/client/7/7Client/x86_64/openstack-tools/13/source/SRPMS',
'content/els/rhel/power-le/7/7Server/ppc64le/openstack-deployment-tools/13/debug',
'content/els/rhel/power-le/7/7Server/ppc64le/openstack-deployment-tools/13/os',
'content/els/rhel/power-le/7/7Server/ppc64le/openstack-deployment-tools/13/source/SRPMS',
'content/els/rhel/power-le/7/7Server/ppc64le/openstack-devtools/13/debug',
'content/els/rhel/power-le/7/7Server/ppc64le/openstack-devtools/13/os',
'content/els/rhel/power-le/7/7Server/ppc64le/openstack-devtools/13/source/SRPMS',
'content/els/rhel/power-le/7/7Server/ppc64le/openstack/13/debug',
'content/els/rhel/power-le/7/7Server/ppc64le/openstack/13/os',
'content/els/rhel/power-le/7/7Server/ppc64le/openstack/13/source/SRPMS',
'content/els/rhel/server/7/7Server/x86_64/openstack-deployment-tools/13/debug',
'content/els/rhel/server/7/7Server/x86_64/openstack-deployment-tools/13/os',
'content/els/rhel/server/7/7Server/x86_64/openstack-deployment-tools/13/source/SRPMS',
'content/els/rhel/server/7/7Server/x86_64/openstack-devtools/13/debug',
'content/els/rhel/server/7/7Server/x86_64/openstack-devtools/13/os',
'content/els/rhel/server/7/7Server/x86_64/openstack-devtools/13/source/SRPMS',
'content/els/rhel/server/7/7Server/x86_64/openstack-octavia/13/debug',
'content/els/rhel/server/7/7Server/x86_64/openstack-octavia/13/os',
'content/els/rhel/server/7/7Server/x86_64/openstack-octavia/13/source/SRPMS',
'content/els/rhel/server/7/7Server/x86_64/openstack-tools/13/debug',
'content/els/rhel/server/7/7Server/x86_64/openstack-tools/13/os',
'content/els/rhel/server/7/7Server/x86_64/openstack-tools/13/source/SRPMS',
'content/els/rhel/server/7/7Server/x86_64/openstack/13/debug',
'content/els/rhel/server/7/7Server/x86_64/openstack/13/os',
'content/els/rhel/server/7/7Server/x86_64/openstack/13/source/SRPMS',
'content/els/rhel/workstation/7/7Workstation/x86_64/openstack-tools/13/debug',
'content/els/rhel/workstation/7/7Workstation/x86_64/openstack-tools/13/os',
'content/els/rhel/workstation/7/7Workstation/x86_64/openstack-tools/13/source/SRPMS',
'content/eus/rhel/server/7/7.6/x86_64/openstack-octavia/13/debug',
'content/eus/rhel/server/7/7.6/x86_64/openstack-octavia/13/os',
'content/eus/rhel/server/7/7.6/x86_64/openstack-octavia/13/source/SRPMS',
'content/eus/rhel/server/7/7.6/x86_64/openstack/13/debug',
'content/eus/rhel/server/7/7.6/x86_64/openstack/13/os',
'content/eus/rhel/server/7/7.6/x86_64/openstack/13/source/SRPMS'
],
'pkgs': [
{'reference':'python2-werkzeug-0.14.1-3.1.el7ost', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
{'reference':'python2-werkzeug-doc-0.14.1-3.1.el7ost', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python2-werkzeug / python2-werkzeug-doc / python3-werkzeug');
}
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1664-1)
2023-03-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1693-1)
2023-03-31 00:00:00
Debian: Security Advisory (DSA-5470-1)
2023-08-07 00:00:00
osv
osv
High resource usage when parsing multipart form data with many fields
2023-02-15 15:36:26
python310-Werkzeug-2.2.3-1.1 on GA media
2024-06-15 00:00:00
CVE-2023-25577
2023-02-14 20:15:17
nessus
nessus
Amazon Linux 2023 : python3-werkzeug (ALAS2023-2023-125)
2023-03-21 00:00:00
cbl_mariner
cbl_mariner
redhatcve
redhatcve
CVE-2023-25577
2023-02-16 00:29:48
debiancve
debiancve
CVE-2023-25577
2023-02-14 20:15:17
prion
prion
Design/Logic Flaw
2023-02-14 20:15:00
github
github
High resource usage when parsing multipart form data with many fields
2023-02-15 15:36:26
veracode
veracode
Denial Of Service (DoS)
2023-02-16 08:55:19
nvd
nvd
CVE-2023-25577
2023-02-14 20:15:17
ubuntucve
ubuntucve
CVE-2023-25577
2023-02-14 00:00:00
redhat
redhat
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug (CVE-2023-25577)
2023-06-28 19:57:28
cvelist
cvelist
cve
cve
CVE-2023-25577
2023-02-14 20:15:17
fedora
fedora
[SECURITY] Fedora 37 Update: mingw-python-werkzeug-2.2.3-1.fc37
2023-03-16 18:33:59
[SECURITY] Fedora 38 Update: mingw-python-werkzeug-2.2.3-1.fc38
2023-03-11 04:07:29
debian
debian
[SECURITY] [DLA 3346-1] python-werkzeug security update
2023-02-27 18:21:34
[SECURITY] [DSA 5470-1] python-werkzeug security update
2023-08-06 12:38:37
redos
redos
ROS-20230428-03
2023-04-28 00:00:00
ROS-20240703-09
2024-07-03 00:00:00
ubuntu
ubuntu
Werkzeug vulnerabilities
2023-06-20 00:00:00
Werkzeug vulnerabilities
2023-03-13 00:00:00
oraclelinux
oraclelinux
python-werkzeug security update
2023-08-06 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.002
Percentile
59.1%
Related for REDHAT-RHSA-2023-1281.NASL