CVE-2009-5014
Published Nov 6, 2010
Last updated 14 years ago
Overview
- Description
- The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-310
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BB596B6-3E2A-4961-AD67-B7E74DA85705",
"versionEndIncluding": "2.1b2"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7a2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "802FBC58-C096-4960-8AAF-C45E82AF1CF0"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7a3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5ABF22A-389C-45E4-88DB-9C14B0D07DFA"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7a4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40144A54-DDF6-4CD2-BC53-6B801B9F2A4E"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7b1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E032AF6B-7A03-4DB2-9018-6A8B3EF708C0"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7b2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5EBB8AF-5428-471B-BE25-90C905A8A522"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0799228C-833A-43CC-A65B-9A727C75E644"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "782BD6DB-665A-4497-A1E9-5FE864A7EC07"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27CAAB6C-C3DB-4F1E-80DA-7E4D04B5E48C"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28A0004D-7B94-4456-818B-440D3969A5FA"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E6F15E3-8F19-4EC3-95EA-AA0358AB6A6F"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2073CB4F-C18B-4F63-851D-38C3F0262B79"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2D6300E-4D32-49B9-A25A-F3166D3385FA"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6AC9CAD-D54F-4E58-B515-AEA861594480"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB6DCDEF-590F-43B2-8550-075FEE546764"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.1a1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B62D4F9E-4D8A-4F2A-9028-4C870DED0141"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.1a2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E95E2E8A-C609-47E1-B614-A785547FBEE4"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.1a3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5AED604B-C756-4477-897C-7A41F37A0EF5"
},
{
"criteria": "cpe:2.3:a:turbogears:turbogears2:2.1b1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2576B8ED-7CAE-4028-AD0C-3B446B3E1C01"
}
],
"operator": "OR"
}
]
}
]