CVE Vulnerabilities

CVE-2009-5015

Published: Nov 06, 2010 | Modified: Nov 09, 2010
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.

Affected Software

Name Vendor Start Version End Version
Turbogears2 Turbogears * 2.1b2
Turbogears2 Turbogears 1.9.7a2 1.9.7a2
Turbogears2 Turbogears 1.9.7a3 1.9.7a3
Turbogears2 Turbogears 1.9.7a4 1.9.7a4
Turbogears2 Turbogears 1.9.7b1 1.9.7b1
Turbogears2 Turbogears 1.9.7b2 1.9.7b2
Turbogears2 Turbogears 2.0 2.0
Turbogears2 Turbogears 2.0.1 2.0.1
Turbogears2 Turbogears 2.0b1 2.0b1
Turbogears2 Turbogears 2.0b2 2.0b2
Turbogears2 Turbogears 2.0b3 2.0b3
Turbogears2 Turbogears 2.0b4 2.0b4
Turbogears2 Turbogears 2.0b5 2.0b5
Turbogears2 Turbogears 2.0b6 2.0b6
Turbogears2 Turbogears 2.0b7 2.0b7
Turbogears2 Turbogears 2.1a1 2.1a1
Turbogears2 Turbogears 2.1a2 2.1a2
Turbogears2 Turbogears 2.1a3 2.1a3
Turbogears2 Turbogears 2.1b1 2.1b1

References