CVE-2013-10075
CRITICALApache::Session versions through 1.94 for Perl re-creates deleted sessions
Title source: cnaDescription
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/05/08/12
Issue Tracking issue-tracking
https://rt.cpan.org/Public/Bug/Display.html?id=83525
Scores
CVSS v3
9.1
EPSS
0.0036
EPSS Percentile
27.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-672
Status
published
Products (2)
CHORNY/Apache::Session
< 1.94
chorny/apache\
< 1.94
Published
May 08, 2026
Tracked Since
May 08, 2026