========================================================================
CVE-2013-10075                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2013-10075
  Distribution:  Apache-Session
      Versions:  through 1.94

      MetaCPAN:  https://metacpan.org/dist/Apache-Session
      VCS Repo:  http://github.com/chorny/Apache-Session


Apache::Session versions through 1.94 for Perl re-creates deleted
sessions

Description
-----------
Apache::Session versions through 1.94 for Perl re-creates deleted
sessions.

The session stores Apache::Session::Store::File and
Apache::Session::Store::DB_File will create a session that does not
exist. This can lead to sessions being revived, potentially with data
that was to be deleted.
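
The failure mode described above, modelled as an added example; this is
not code from Apache::Session or from this advisory. It assumes a
file-backed store whose write path opens the session file with
create-if-missing semantics, and contrasts it with a write path that
refuses a missing session. All function names and the session ID are
hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_RDWR O_CREAT O_EXCL);
use File::Temp qw(tempdir);

my $dir = tempdir(CLEANUP => 1);    # throwaway session directory

# Write a session file. $flags decides what happens when the file is missing.
sub write_session {
    my ($id, $data, $flags) = @_;
    sysopen(my $fh, "$dir/$id", $flags) or return 0;
    truncate($fh, 0) or die "truncate: $!";
    print {$fh} $data;
    close($fh) or die "close: $!";
    return 1;
}

sub insert_session { write_session(@_[0, 1], O_RDWR | O_CREAT | O_EXCL) } # new IDs only
sub update_lenient { write_session(@_[0, 1], O_RDWR | O_CREAT) }  # creates if missing
sub update_strict  { write_session(@_[0, 1], O_RDWR) }            # fails if missing
sub delete_session { unlink "$dir/$_[0]" }
sub exists_session { -e "$dir/$_[0]" ? 1 : 0 }

# Create a session, delete it (logout), then let a stale writer save old data.
# Returns 1 if the deleted session exists again afterwards.
sub revived_after_stale_write {
    my ($update) = @_;
    my $id = 'constructed-session-id';      # constructed sample value
    delete_session($id);                    # clean slate between runs
    insert_session($id, 'user=alice') or die "insert failed";
    delete_session($id) or die "delete: $!";
    $update->($id, 'user=alice');           # stale handle flushes old state
    return exists_session($id);
}

printf "lenient update revives deleted session: %s\n",
    revived_after_stale_write(\&update_lenient) ? 'yes' : 'no';
printf "strict update revives deleted session:  %s\n",
    revived_after_stale_write(\&update_strict) ? 'yes' : 'no';
```

The same create/delete/stale-write sequence can serve as a regression
check against whichever session store an application is configured with.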

Problem types
-------------
- CWE-672 Operation on a Resource after Expiration or Release

Workarounds
-----------
Use a database store based on Apache::Session::Store::DBI.


References
----------
https://rt.cpan.org/Public/Bug/Display.html?id=83525

Timeline
--------
- 2013-02-21: Issue reported

Credits
-------
Thomas Sibley, finder


