Session Fixation Vulnerability in Catalyst::Plugin::Authentication for Perl
CVE-2009-10007

9.1CRITICAL

Key Information:

Vendor

Ether

Vendor
CVE Published:
9 June 2026

What is CVE-2009-10007?

Catalyst::Plugin::Authentication for Perl versions prior to 0.10_027 is vulnerable to session fixation attacks. This vulnerability arises because the plugin does not automatically change the session ID after a user successfully authenticates. Consequently, if an attacker manages to capture a session ID cookie, they can impersonate the victim and gain unauthorized access to their session, compromising the security of the user and their data.

Affected Version(s)

Catalyst::Plugin::Authentication 0 < 0.10_027

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.