CVE-2009-10007

CVE-2009-10007: Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Vendor Ether
Product Catalyst::Plugin::Authentication
Weakness CWE-384 · Session fixation
Published June 9, 2026
Last update June 9, 2026

CVSS base score

What the vulnerability does

01Description

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.

Key dates

02Disclosure timeline

June 9, 2026 CVE published
June 9, 2026 Record updated