CVE-2022-29361
Published 2022-05-25
Priority: P3 (56) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.66% (93.8th percentile)
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palletsprojects | werkzeug | <= 2.1.0 | — |
| palletsprojects | werkzeug | >= 0 < 9a3a981d70d2e9ec3344b5192f86fcaf3210cd85 | 9a3a981d70d2e9ec3344b5192f86fcaf3210cd85 |
| palletsprojects | werkzeug | >= 0 < 2.1.1 | 2.1.1 |
Detection & IOCs (extracted from sources)
- HTTP Request Smuggling via a crafted request with multiple requests inside the body, targeting Werkzeug v2.1.0 and below running in debug mode
- Client-Side Desync attack on Werkzeug: a payload sent in the request body is interpreted by the server as the next request, giving the attacker control of arbitrary bytes of the subsequent request
- Werkzeug debug mode exposes the /debug console endpoint; combined with path traversal to read /proc/self/cgroup, /etc/passwd and the MAC address files, an attacker can reconstruct the Werkzeug debugger PIN
- Vendor position: the HTTP Request Smuggling behavior only occurs in unsupported configurations, namely Werkzeug running in debug mode with an HTTP server from outside the Werkzeug project
- Red Hat Product Security does not consider this to be a vulnerability and marks all their packages as Not affected
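The mechanism behind the description and the first two IOC entries (a request whose body is itself a complete request, left on the wire and read as the next request on the same connection), as an added example that is not Werkzeug's code or any vendor's. It is a toy HTTP/1.1 request framer run in two modes: a draining framer that consumes Content-Length bytes of body before looking for the next request line, and a non-draining one that does not, which is the shape of bug the advisories describe. The host name, paths, payload bytes and the `body_looks_like_request` heuristic are all constructed for this example.

```python
"""Toy model of the request-smuggling / client-side desync mechanism.

Added example, not Werkzeug's code or any vendor's. Two framers read the
same keep-alive byte stream: the draining framer consumes Content-Length
bytes of body before parsing the next request line; the non-draining framer
does not, so a request whose body is a complete HTTP request is read as a
second request. All hosts, paths and bytes are constructed for the example.
"""
from __future__ import annotations

import re
from typing import Dict, List

# Constructed IOC check: does a body start with an HTTP/1.x request line?
REQUEST_LINE = re.compile(rb"^(?:GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def build_smuggling_payload(host: str, inner: bytes) -> bytes:
    """Wrap `inner` (a complete request) in a POST whose Content-Length covers
    it exactly: a draining parser sees one request, a non-draining one sees two."""
    outer = (
        b"POST / HTTP/1.1\r\n"
        + b"Host: " + host.encode("ascii") + b"\r\n"
        + b"Content-Length: " + str(len(inner)).encode("ascii") + b"\r\n"
        + b"\r\n"
    )
    return outer + inner


def parse_requests(stream: bytes, drain_body: bool) -> List[Dict]:
    """Split `stream` into requests. With drain_body=False the body bytes are
    left on the wire and re-parsed as the next request (the bug being modelled)."""
    requests: List[Dict] = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:  # incomplete head: a real server would wait for more bytes
            break
        head_lines = stream[pos:end].decode("latin-1").split("\r\n")
        parts = head_lines[0].split(" ")
        if len(parts) != 3:
            raise ValueError(f"malformed request line: {head_lines[0]!r}")
        method, target, version = parts
        headers: Dict[str, str] = {}
        for line in head_lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        pos = end + 4
        length = int(headers.get("content-length", "0"))
        body = b""
        if drain_body:
            body = stream[pos:pos + length]
            pos += length
        requests.append({"method": method, "target": target, "version": version,
                         "headers": headers, "body": body})
    return requests


def body_looks_like_request(body: bytes) -> bool:
    """Detection heuristic: a body that begins with a request line has the
    smuggling shape the advisories describe."""
    return REQUEST_LINE.match(body) is not None


def demo() -> Dict[str, object]:
    """Run both framers over one crafted connection and report what each saw."""
    inner = b"GET /admin HTTP/1.1\r\nHost: target.example\r\n\r\n"  # constructed
    payload = build_smuggling_payload("target.example", inner)
    safe = parse_requests(payload, drain_body=True)
    vulnerable = parse_requests(payload, drain_body=False)
    return {
        "requests_seen_safe": len(safe),
        "requests_seen_vulnerable": len(vulnerable),
        "smuggled_target": vulnerable[-1]["target"],
        "flagged_by_heuristic": body_looks_like_request(safe[0]["body"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a shared or reused connection the second, smuggled request is processed in the context of whoever sends the next bytes, which is what turns this framing error into the client-side desync in the second IOC entry. The heuristic is deliberately coarse (legitimate bodies rarely begin with a request line), and it does not model a live Werkzeug server; it only shows the framing difference that the advisories hinge on.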
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_oracle | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
Oracle
Oracle Analytics Risk Matrix: Analytics Server (Werkzeug) — CVE-2022-29361
vendor_oracle · 2023-07-15 · CVSS 9.8 · CRITICAL
CVE: CVE-2022-29361
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Attack vector: Network
Advisory: cpujul2023 (JUL 2023)
Red Hat
python-Werkzeug: HTTP Request Smuggling (CWE-444)
vendor_redhat · 2022-05-25 · CVSS 9.8 · CRITICAL
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.
Stateme
GHSA
GHSA-7wxw-4483-3m34: Improper parsing of HTTP requests in Pallets Werkzeug v2
ghsa_unreviewed · 2022-05-26
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.
OSV
CVE-2022-29361: ** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2
osv · 2022-05-25 · CVSS 9.8 · CRITICAL
** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.
No detection rules found.
No public exploits indexed.
Qualys
Oracle Patch Tuesday, July 2023 Security Update Review
blogs_qualys · 2023-07-19
## Table of Contents
- Qualys QID Coverage
- Notable Oracle Vulnerabilities Patched
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
Oracle has released its third quarterly Critical Patch Update of 2023, containing patches for 508 security vulnerabilities. Some of the vulnerabilities addressed this month impact more than one product. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products.
In the Q3 2023 Oracle Critical Patch Update, Oracle Financial Services Applications received the highest number of patches, 147, constituting 29% of the total patches released. Oracle Communications and Oracle Fusion Middleware followed, with
CTF
HTBBusiness / web-desynth-recruit
ctf_writeups · 2023
My friend (@0xbla) and I spent our weekend solving a very interesting challenge from HTB Business CTF.
The challenge was very realistic and it required you to chain a lot of other bugs to solve it, probably the best one we have ever seen.
I will give you a basic idea about the challenge:
The application had a basic login/signup flow.
Once logged in you were redirected to the `/settings` endpoint, which allowed you to make changes to your profile: http://localhost:1337/settings
The Bio input field says *Bio (limited HTML supported)*, so we will put some basic HTML tags and see if they are rendered or not: `shirley`. There is also a file upload which only allows you to upload PNG files.
Once we submit this form, we get this message: *Your profile is now public*
We can now visit our pro