CVE-2009-5015

The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
turbogearsturbogears2
𝑥
≤ 2.1b2
turbogearsturbogears2
1.9.7a2:a2
turbogearsturbogears2
1.9.7a3:a3
turbogearsturbogears2
1.9.7a4:a4
turbogearsturbogears2
1.9.7b1:b1
turbogearsturbogears2
1.9.7b2:b2
turbogearsturbogears2
2.0:rc1
turbogearsturbogears2
2.0.1
turbogearsturbogears2
2.0b1:b1
turbogearsturbogears2
2.0b2:b2
turbogearsturbogears2
2.0b3:b3
turbogearsturbogears2
2.0b4:b4
turbogearsturbogears2
2.0b5:b5
turbogearsturbogears2
2.0b6:b6
turbogearsturbogears2
2.0b7:b7
turbogearsturbogears2
2.1a1:a1
turbogearsturbogears2
2.1a2:a2
turbogearsturbogears2
2.1a3:a3
turbogearsturbogears2
2.1b1:b1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
turbogears2
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
dne
dapper
dne
References
http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain
http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain