Vulnerability Details CVE-2009-5014
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.1%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2009-5014
-
cpe:2.3:a:turbogears:turbogears2:*
-
cpe:2.3:a:turbogears:turbogears2:1.9.7a2
-
cpe:2.3:a:turbogears:turbogears2:1.9.7a3
-
cpe:2.3:a:turbogears:turbogears2:1.9.7a4
-
cpe:2.3:a:turbogears:turbogears2:1.9.7b1
-
cpe:2.3:a:turbogears:turbogears2:1.9.7b2
-
cpe:2.3:a:turbogears:turbogears2:2.0
-
cpe:2.3:a:turbogears:turbogears2:2.0.1
-
cpe:2.3:a:turbogears:turbogears2:2.0b1
-
cpe:2.3:a:turbogears:turbogears2:2.0b2
-
cpe:2.3:a:turbogears:turbogears2:2.0b3
-
cpe:2.3:a:turbogears:turbogears2:2.0b4
-
cpe:2.3:a:turbogears:turbogears2:2.0b5
-
cpe:2.3:a:turbogears:turbogears2:2.0b6
-
cpe:2.3:a:turbogears:turbogears2:2.0b7
-
cpe:2.3:a:turbogears:turbogears2:2.1a1
-
cpe:2.3:a:turbogears:turbogears2:2.1a2
-
cpe:2.3:a:turbogears:turbogears2:2.1a3
-
cpe:2.3:a:turbogears:turbogears2:2.1b1