CVE-2009-10007
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks
CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
10th
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.
| CWE | CWE-384 |
| Vendor | ether |
| Product | catalyst::plugin::authentication |
| Published | Jun 9, 2026 |
| Last Updated | Jun 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for ether catalyst::plugin::authentication
Be the first to know when new critical vulnerabilities affecting ether catalyst::plugin::authentication are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
ETHER / Catalyst::Plugin::Authentication
0 < 0.10_027
References
metacpan.org: https://metacpan.org/release/ETHER/Catalyst-Plugin-Authentication-0.10_027/changes github.com: https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b1385ea87a2491b64f33169222af19982d0acce3.patch metacpan.org: https://metacpan.org/pod/Catalyst::Plugin::Session#change_session_id metacpan.org: https://metacpan.org/pod/Plack::Middleware::Session#change_id openwall.com: http://www.openwall.com/lists/oss-security/2026/06/09/10