Fluid Attacks Database

Description

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	libapache-session-perl	=1.94-2
debian 11	libapache-session-perl	=1.94-1 \|\| =1.94-2
debian 13	libapache-session-perl	=1.94-2
debian 14	libapache-session-perl	=1.94-2

Aliases

1. CVE-2013-100752. NVD-2013-100753. OSV-DEBIAN-2013-100754. OSV-2013-100755. SECURITY-TRACKER-CVE-2013-10075

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.