CVE-2013-10075

Summary

Apache::Session versions through 1.94 for Perl re-creates deleted sessions.

The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted.

Affected Software

VendorProductVersion RangeStatus
CHORNYApache::Session0 <= 1.94affected

Weaknesses

  • CWE-672: CWE-672 Operation on a Resource after Expiration or Release

Workarounds

Use a database store based on Apache::Session::Store::DBI.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References