CVE-2013-10075

EUVD-2013-7294
Apache::Session versions through 1.94 for Perl re-creates deleted sessions.

The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist.  This can lead to sessions being revived, potentially with data that was to be deleted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
chornyapache\
𝑥
≤ 1.94
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libapache-session-perl
bookworm
vulnerable
bullseye
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
Common Weakness Enumeration
References
https://rt.cpan.org/Public/Bug/Display.html?id=83525
http://www.openwall.com/lists/oss-security/2026/05/08/12