Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.

The version of python-werkzeug installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46136 advisory.

  - Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF     and then is followed by megabytes of data without these characters: all of these bytes are appended chunk     by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an     attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
    The amount of CPU time required can block worker processes from handling legitimate requests. This     vulnerability has been patched in version 3.0.1. (CVE-2023-46136)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7477 advisory.

  - python-werkzeug: high resource consumption leading to denial of service (CVE-2023-46136)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0189 advisory.

    Werkzeug is a WSGI utility module. It includes a debugger, request and response objects, HTTP utilities to     handle entity tags, cache control headers, HTTP dates, cookie handling, file uploads, a URL routing system     and a numerous community contributed add-on modules.

    Werkzeug is unicode aware and does not enforce a specific template engine, database adapter or a specific     way of handling requests. It is useful for end user applications, such as blogs, wikis, and bulletin     boards, that need to  operate in a wide variety of server environments.

    Security Fix(es):

    * high resource consumption leading to denial of service (CVE-2023-46136)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7610 advisory.

  - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)     (CVE-2023-44487)

  - python-werkzeug: high resource consumption leading to denial of service (CVE-2023-46136)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7473 advisory.

  - python-werkzeug: high resource usage when parsing multipart form data with many fields (CVE-2023-25577)

  - haproxy: Proxy forwards malformed empty Content-Length headers (CVE-2023-40225)

  - python-werkzeug: high resource consumption leading to denial of service (CVE-2023-46136)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7473 advisory.

  - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart     form data parser will parse an unlimited number of parts, including file parts. Parts can be a small     amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request     can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or     `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an     attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
    The amount of CPU time required can block worker processes from handling legitimate requests. The amount     of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory     and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all     available workers. Version 2.2.3 contains a patch for this issue. (CVE-2023-25577)

  - HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x     before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers,     violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the     payload as an extra request. (CVE-2023-40225)

  - Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF     and then is followed by megabytes of data without these characters: all of these bytes are appended chunk     by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an     attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
    The amount of CPU time required can block worker processes from handling legitimate requests. This     vulnerability has been patched in version 3.0.1. (CVE-2023-46136)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7610 advisory.

  - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation     can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

  - Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF     and then is followed by megabytes of data without these characters: all of these bytes are appended chunk     by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an     attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
    The amount of CPU time required can block worker processes from handling legitimate requests. This     vulnerability has been patched in version 3.0.1. (CVE-2023-46136)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0214 advisory.

    Werkzeug is a WSGI utility module. It includes a debugger, request and response objects, HTTP utilities to     handle entity tags, cache control headers, HTTP dates, cookie handling, file uploads, a URL routing system     and a numerous community contributed add-on modules.

    Werkzeug is unicode aware and does not enforce a specific template engine, database adapter or a specific     way of handling requests. It is useful for end user applications, such as blogs, wikis, and bulletin     boards, that need to  operate in a wide variety of server environments.

    Security Fix(es):

    * high resource consumption leading to denial of service (CVE-2023-46136)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4288-1 advisory.

  - Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF     and then is followed by megabytes of data without these characters: all of these bytes are appended chunk     by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an     attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it.
    The amount of CPU time required can block worker processes from handling legitimate requests. This     vulnerability has been patched in version 3.0.1. (CVE-2023-46136)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
201581	CBL Mariner 2.0 Security Update: python-werkzeug (CVE-2023-46136)	Nessus	MarinerOS Local Security Checks	high
194439	RHEL 9 : OpenShift Container Platform 4.13.24 (RHSA-2023:7477)	Nessus	Red Hat Local Security Checks	high
194379	RHEL 8 : Red Hat OpenStack Platform 17.1 (python-werkzeug) (RHSA-2024:0189)	Nessus	Red Hat Local Security Checks	high
193432	RHEL 8 / 9 : OpenShift Container Platform 4.12.45 (RHSA-2023:7610)	Nessus	Red Hat Local Security Checks	high
193429	RHEL 8 / 9 : OpenShift Container Platform 4.14.4 (RHSA-2023:7473)	Nessus	Red Hat Local Security Checks	high
189458	RHCOS 4 : OpenShift Container Platform 4.14.4 (RHSA-2023:7473)	Nessus	Red Hat Local Security Checks	high
189453	RHCOS 4 : OpenShift Container Platform 4.12.45 (RHSA-2023:7610)	Nessus	Red Hat Local Security Checks	high
189079	RHEL 9 : Red Hat OpenStack Platform 17.1 (python-werkzeug) (RHSA-2024:0214)	Nessus	Red Hat Local Security Checks	high
184122	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:4288-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2023-46136

high

Tenable Plugins

high

high

high

high

high

high

high

high

high