{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-11-05T22:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[turbogears-announce] 20090811 Critical security update for tg2 users!", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-5014", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[turbogears-announce] 20090811 Critical security update for tg2 users!", "refsource": "MLIST", "url": "http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:24:54.052Z"}, "title": "CVE Program Container", "references": [{"name": "[turbogears-announce] 20090811 Critical security update for tg2 users!", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-5014", "datePublished": "2010-11-05T22:00:00.000Z", "dateReserved": "2010-11-05T00:00:00.000Z", "dateUpdated": "2024-09-16T22:25:19.860Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:turbogears:turbogears2:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BB596B6-3E2A-4961-AD67-B7E74DA85705", "versionEndIncluding": "2.1b2", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7a2:*:*:*:*:*:*:*", "matchCriteriaId": "802FBC58-C096-4960-8AAF-C45E82AF1CF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7a3:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABF22A-389C-45E4-88DB-9C14B0D07DFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7a4:*:*:*:*:*:*:*", "matchCriteriaId": "40144A54-DDF6-4CD2-BC53-6B801B9F2A4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7b1:*:*:*:*:*:*:*", "matchCriteriaId": "E032AF6B-7A03-4DB2-9018-6A8B3EF708C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:1.9.7b2:*:*:*:*:*:*:*", "matchCriteriaId": "C5EBB8AF-5428-471B-BE25-90C905A8A522", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0799228C-833A-43CC-A65B-9A727C75E644", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "782BD6DB-665A-4497-A1E9-5FE864A7EC07", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b1:*:*:*:*:*:*:*", "matchCriteriaId": "27CAAB6C-C3DB-4F1E-80DA-7E4D04B5E48C", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b2:*:*:*:*:*:*:*", "matchCriteriaId": "28A0004D-7B94-4456-818B-440D3969A5FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b3:*:*:*:*:*:*:*", "matchCriteriaId": "0E6F15E3-8F19-4EC3-95EA-AA0358AB6A6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b4:*:*:*:*:*:*:*", "matchCriteriaId": "2073CB4F-C18B-4F63-851D-38C3F0262B79", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b5:*:*:*:*:*:*:*", "matchCriteriaId": "C2D6300E-4D32-49B9-A25A-F3166D3385FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b6:*:*:*:*:*:*:*", "matchCriteriaId": "F6AC9CAD-D54F-4E58-B515-AEA861594480", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.0b7:*:*:*:*:*:*:*", "matchCriteriaId": "EB6DCDEF-590F-43B2-8550-075FEE546764", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.1a1:*:*:*:*:*:*:*", "matchCriteriaId": "B62D4F9E-4D8A-4F2A-9028-4C870DED0141", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.1a2:*:*:*:*:*:*:*", "matchCriteriaId": "E95E2E8A-C609-47E1-B614-A785547FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.1a3:*:*:*:*:*:*:*", "matchCriteriaId": "5AED604B-C756-4477-897C-7A41F37A0EF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:turbogears:turbogears2:2.1b1:*:*:*:*:*:*:*", "matchCriteriaId": "2576B8ED-7CAE-4028-AD0C-3B446B3E1C01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852."}, {"lang": "es", "value": "La configuraci\u00f3n de inicio r\u00e1pido por defecto de TurboGears2 (o TG2) antes de su versi\u00f3n v2.0.2 tiene una cookie 'salt' d\u00e9bil, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos evitar la autenticaci\u00f3n de repoze.who a trav\u00e9s de una cookie falsificada. Es un problema relacionado con el CVE-2010-3852."}], "id": "CVE-2009-5014", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-11-06T00:00:01.220", "references": [{"source": "cve@mitre.org", "url": "http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}