CVE-2009-5014

Published Nov 6, 2010

Last updated 3 months ago

CVSS info 7.5

Overview

Description: The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BB596B6-3E2A-4961-AD67-B7E74DA85705",
            "versionEndIncluding": "2.1b2"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7a2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "802FBC58-C096-4960-8AAF-C45E82AF1CF0"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7a3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5ABF22A-389C-45E4-88DB-9C14B0D07DFA"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7a4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40144A54-DDF6-4CD2-BC53-6B801B9F2A4E"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7b1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E032AF6B-7A03-4DB2-9018-6A8B3EF708C0"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7b2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5EBB8AF-5428-471B-BE25-90C905A8A522"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0799228C-833A-43CC-A65B-9A727C75E644"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "782BD6DB-665A-4497-A1E9-5FE864A7EC07"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27CAAB6C-C3DB-4F1E-80DA-7E4D04B5E48C"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28A0004D-7B94-4456-818B-440D3969A5FA"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E6F15E3-8F19-4EC3-95EA-AA0358AB6A6F"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2073CB4F-C18B-4F63-851D-38C3F0262B79"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2D6300E-4D32-49B9-A25A-F3166D3385FA"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6AC9CAD-D54F-4E58-B515-AEA861594480"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB6DCDEF-590F-43B2-8550-075FEE546764"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.1a1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B62D4F9E-4D8A-4F2A-9028-4C870DED0141"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.1a2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E95E2E8A-C609-47E1-B614-A785547FBEE4"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.1a3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AED604B-C756-4477-897C-7A41F37A0EF5"
          },
          {
            "criteria": "cpe:2.3:a:turbogears:turbogears2:2.1b1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2576B8ED-7CAE-4028-AD0C-3B446B3E1C01"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References