CVE-2023-23934
Published 2023-02-14. CVE-2023-23934: Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable…
Priority: P4 · Severity: low · CVSS 3.1 base score: 3.5 · Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.51% (39.4th percentile)
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
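To make the parsing defect concrete, here is an added example (not Werkzeug's code and not taken from any of the advisories on this page) that models the two behaviours described above: a pre-2.2.3-style parser that drops the leading `=` of a nameless cookie-pair and re-reads the remainder as `name=value`, and a 2.2.3-style parser that simply ignores nameless pairs. The parsers, the `Cookie` header value and the `is_affected_version` helper are all constructed for this page; the helper assumes plain dotted numeric version strings.

```python
"""Simplified model of the nameless-cookie parsing defect behind CVE-2023-23934.

Added example for this page. Neither parser below is Werkzeug's real
implementation; they are minimal models of the behaviour the advisory
describes (vulnerable: `=__Host-test=bad` is read as `__Host-test=bad`;
fixed: nameless cookie-pairs are ignored).
"""
from typing import Dict, List, Tuple

# Constructed sample header: a legitimate __Host- cookie from the origin
# plus a nameless cookie whose *value* happens to look like name=value.
SAMPLE_COOKIE_HEADER = "=__Host-test=bad; __Host-test=good"

FIXED_VERSION: Tuple[int, ...] = (2, 2, 3)


def _split_pairs(header: str) -> List[str]:
    """A Cookie header is a ';'-separated list of cookie-pairs (RFC 6265 4.2.1)."""
    return [p.strip() for p in header.split(";") if p.strip()]


def parse_cookie_vulnerable(header: str) -> Dict[str, List[str]]:
    """Model of the pre-2.2.3 behaviour.

    A pair with an empty name has its leading '=' dropped and the rest is
    re-parsed as name=value, so a nameless cookie can shadow a real
    __Host- cookie name that only the origin host should be able to set.
    """
    cookies: Dict[str, List[str]] = {}
    for pair in _split_pairs(header):
        name, _, value = pair.partition("=")
        if name == "":
            # Modelled defect: `=__Host-test=bad` becomes `__Host-test=bad`.
            name, _, value = value.partition("=")
        if name:
            cookies.setdefault(name, []).append(value)
    return cookies


def parse_cookie_fixed(header: str) -> Dict[str, List[str]]:
    """Model of the 2.2.3 behaviour: a cookie-pair without a name is skipped."""
    cookies: Dict[str, List[str]] = {}
    for pair in _split_pairs(header):
        name, _, value = pair.partition("=")
        if name == "":
            continue  # `=value` has no name; discard rather than guess one
        cookies.setdefault(name, []).append(value)
    return cookies


def is_affected_version(version: str) -> bool:
    """True for Werkzeug releases before 2.2.3 (assumes 'X.Y.Z' numeric strings)."""
    parts = tuple(int(p) for p in version.split("."))
    return parts < FIXED_VERSION


if __name__ == "__main__":
    # Vulnerable model: the app sees both "bad" and "good" under the trusted name.
    print("vulnerable:", parse_cookie_vulnerable(SAMPLE_COOKIE_HEADER))
    # Fixed model: only the value the origin host actually set survives.
    print("fixed:     ", parse_cookie_fixed(SAMPLE_COOKIE_HEADER))
    for v in ("2.2.2", "2.2.3"):
        print(v, "affected" if is_affected_version(v) else "not affected")
```

The values are kept as lists rather than "first one wins" so the comparison shows exactly which entries each parser produces; the practical check for a deployment is the version one, since any application reading `__Host-`-prefixed cookies through a pre-2.2.3 parser should be upgraded rather than patched around.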
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-werkzeug | < python-werkzeug 2.2.2-3 (bookworm) | python-werkzeug 2.2.2-3 (bookworm) |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | — | — |
| msrc | cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_python-werkzeug_2.2.3-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| pallets | werkzeug | < 2.2.3 | 2.2.3 |
| palletsprojects | werkzeug | < 2.2.3 | 2.2.3 |
| palletsprojects | werkzeug | >= 0 < 2.2.3 | 2.2.3 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.5 | LOW | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| osv | — | 3.5 | LOW | — |
| vendor_debian | — | 2.6 | LOW | — |
| vendor_msrc | — | 2.6 | LOW | — |
| vendor_redhat | — | 2.6 | LOW | — |
| vendor_ubuntu | — | 2.6 | LOW | — |
Ubuntu
Werkzeug vulnerabilities
vendor_ubuntu·2023-06-20·CVSS 2.6
CVE-2023-25577 [LOW] Werkzeug vulnerabilities
Title: Werkzeug vulnerabilities
Summary: Several security issues were fixed in Werkzeug.
USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04.
Original advisory details:
It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. (CVE-2023-23934)
It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service. (CVE-2023-25577)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Werkzeug vulnerabilities
vendor_ubuntu·2023-03-13·CVSS 2.6
CVE-2023-23934 [LOW] Werkzeug vulnerabilities
Title: Werkzeug vulnerabilities
Summary: Several security issues were fixed in Werkzeug.
It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. (CVE-2023-23934)
It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service. (CVE-2023-25577)
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass
vendor_msrc·2023-02-14·CVSS 2.6
CVE-2023-23934 [LOW] CWE-20 Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass
Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Rele
Red Hat
python-werkzeug: cookie prefixed with = can shadow unprefixed cookie
vendor_redhat·2023-02-14·CVSS 2.6
CVE-2023-23934 [LOW] CWE-20 python-werkzeug: cookie prefixed with = can shadow unprefixed cookie
python-werkzeug: cookie prefixed with = can shadow unprefixed cookie
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =valu
Debian
CVE-2023-23934: python-werkzeug - Werkzeug is a comprehensive WSGI web application library. Browsers may allow "na...
vendor_debian·2023·CVSS 2.6
CVE-2023-23934 [LOW] CVE-2023-23934: python-werkzeug - Werkzeug is a comprehensive WSGI web application library. Browsers may allow "na...
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
Scope: local
bookworm: resolved (fixed in 2.2.2-3)
bullseye: resolved (fixed in 1.0.1+dfsg1-2+deb11u1)
forky: resolved (fixed in 2.2.2-3)
sid: resolved (fix
OSV
python-werkzeug vulnerabilities
osv·2023-03-13·CVSS 3.5
CVE-2023-23934 [LOW] python-werkzeug vulnerabilities
python-werkzeug vulnerabilities
It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. (CVE-2023-23934)
It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service. (CVE-2023-25577)
OSV
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
osv·2023-02-15
CVE-2023-23934 [LOW] Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain.
Werkzeug <= 2.2.2 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key.
GHSA
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
ghsa·2023-02-15
CVE-2023-23934 [LOW] CWE-20 Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain.
Werkzeug <= 2.2.2 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key.
OSV
CVE-2023-23934: Werkzeug is a comprehensive WSGI web application library
osv·2023-02-14·CVSS 3.5
CVE-2023-23934 [LOW] CVE-2023-23934: Werkzeug is a comprehensive WSGI web application library
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
- https://github.com/pallets/werkzeug/releases/tag/2.2.3
- https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
- https://security.netapp.com/advisory/ntap-20230818-0003/
- https://www.debian.org/security/2023/dsa-5470
Published: 2023-02-14