CVE-2009-10007
Publication date 9 June 2026
Last updated 9 June 2026
Ubuntu priority
Description
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libcatalyst-plugin-authentication-perl | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2009-10007
- https://lists.security.metacpan.org/cve-announce/msg/40832427/
- https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b1385ea87a2491b64f33169222af19982d0acce3.patch
- https://metacpan.org/pod/Catalyst::Plugin::Session#change_session_id
- https://metacpan.org/pod/Plack::Middleware::Session#change_id
- https://metacpan.org/release/ETHER/Catalyst-Plugin-Authentication-0.10_027/changes