CVE-2009-5015
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/11/2010
Last modified:
11/04/2025
Description
The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:turbogears:turbogears2:*:*:*:*:*:*:*:* | 2.1b2 (including) | |
| cpe:2.3:a:turbogears:turbogears2:1.9.7a2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:1.9.7a3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:1.9.7a4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:1.9.7b1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:1.9.7b2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:2.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:2.0b1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:2.0b2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:2.0b3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:2.0b4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:2.0b5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:2.0b6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:turbogears:turbogears2:2.0b7:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page