CVE-2009-5014
Last modified
CVE-2009-5014 is a vulnerability of currently unknown severity. The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.. EPSS estimates a 1.36% chance of exploitation in the next 30 days.
Description
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Turbogears | Turbogears2 | <= 2.1b2 | — |
| Turbogears | Turbogears2 | 1.9.7a2 | — |
| Turbogears | Turbogears2 | 1.9.7a3 | — |
| Turbogears | Turbogears2 | 1.9.7a4 | — |
| Turbogears | Turbogears2 | 1.9.7b1 | — |
| Turbogears | Turbogears2 | 1.9.7b2 | — |
| Turbogears | Turbogears2 | 2.0 | Rc1 |
| Turbogears | Turbogears2 | 2.0.1 | — |
| Turbogears | Turbogears2 | 2.0b1 | — |
| Turbogears | Turbogears2 | 2.0b2 | — |
| Turbogears | Turbogears2 | 2.0b3 | — |
| Turbogears | Turbogears2 | 2.0b4 | — |
| Turbogears | Turbogears2 | 2.0b5 | — |
| Turbogears | Turbogears2 | 2.0b6 | — |
| Turbogears | Turbogears2 | 2.0b7 | — |
| Turbogears | Turbogears2 | 2.1a1 | — |
| Turbogears | Turbogears2 | 2.1a2 | — |
| Turbogears | Turbogears2 | 2.1a3 | — |
| Turbogears | Turbogears2 | 2.1b1 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-5014?
How severe is CVE-2009-5014?
How do I fix CVE-2009-5014?
Are you affected by CVE-2009-5014?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST