CVE-2009-10007
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl are susceptible to session fixation attacks. The plugin does not automatically change the session id after authentication, allowing an attacker to impersonate the victim.
Risk Assessment
The organization may be exposed to session hijacking of users, leading to unauthorized access to resources. An attacker with the session id can take control of the victim's account.
Recommendation
It is recommended to update Catalyst::Plugin::Authentication to version 0.10_027 or later to mitigate the risk of session fixation attacks. Additionally, implementing mechanisms to change the session id after authentication is advisable.
Original NVD description (English source)
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.

