CRITICAL🇵🇱 Wersja polska

CVE-2013-10075

CVSS 9.1v3.1pub. 2026-05-08

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Chorny Apache\

    APP
    Chorny
    \
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-5081CRITICAL9.1PL ✓ten sam produkt

Apache::Session::Generate::ModUniqueId — przewidywalne identyfikatory sesji

CVE-2025-40931CRITICAL9.1PL ✓ten sam produkt

Przewidywalne identyfikatory sesji w Apache::Session::Generate::MD5 (Perl)