CVE-2009-10007

NameCVE-2009-10007
DescriptionCatalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1139461

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libcatalyst-plugin-authentication-perl (PTS)bullseye0.10023-3vulnerable
bookworm0.10023-4vulnerable
trixie0.10024-1vulnerable
forky, sid0.10026-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libcatalyst-plugin-authentication-perlsource(unstable)(unfixed)1139461

Notes

[trixie] - libcatalyst-plugin-authentication-perl <no-dsa> (Minor issue)
https://lists.security.metacpan.org/cve-announce/msg/40832427/
Fixed by: https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b1385ea87a2491b64f33169222af19982d0acce3 (v0.10_027)
Search for package or bug name: Reporting problems