RSS   Podatności dla 'Turbogears2'   RSS

2010-11-05
 
CVE-2009-5015

CWE-noinfo
 

 
The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.

 
 
CVE-2009-5014

CWE-310
 

 
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.

 


Copyright 2024, cxsecurity.com

 

Back to Top