PatchSiren cyber security CVE debrief
CVE-2009-10007 ETHER CVE debrief
CVE-2009-10007 is a critical vulnerability in Catalyst::Plugin::Authentication versions before 0.10_027 for Perl. The plugin does not automatically change the session id after authentication, making it susceptible to session fixation attacks. An attacker who obtains a session id cookie can use this to impersonate the victim.
- Vendor: ETHER
- Product: Catalyst::Plugin::Authentication
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-09
Who should care
Users of Catalyst::Plugin::Authentication versions before 0.10_027 for Perl should be aware of this vulnerability and take steps to mitigate it.
Technical summary
Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.
Defensive priority
high
Recommended defensive actions
- Upgrade to Catalyst::Plugin::Authentication version 0.10_027 or later.
- Use a secure session management system that automatically changes the session id after authentication.
- Implement additional security measures to protect against session fixation attacks.
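The following is an added example, not code from Catalyst::Plugin::Authentication or from the advisory: a self-contained Python model of the behaviour described in the technical summary, with a regression check that reports whether a session id issued before login is still authenticated afterwards. The `SessionStore` class, the cookie name `myapp_session` and the user name are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE = "myapp_session"  # assumed cookie name, not taken from the advisory


class SessionStore:
    """In-memory stand-in for a server-side session store (constructed model)."""

    def __init__(self):
        self.sessions = {}

    def new_session(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user, rotate):
        """Authenticate the session; with rotate=True, move it to a fresh id first."""
        data = self.sessions[sid]
        if rotate:
            del self.sessions[sid]      # the pre-login id stops being valid
            sid = secrets.token_hex(16)
            self.sessions[sid] = data   # session data is kept under the new id
        data["user"] = user
        return f"{COOKIE}={sid}; HttpOnly; Secure; SameSite=Lax"

    def whoami(self, sid):
        return self.sessions.get(sid, {}).get("user")


def cookie_value(set_cookie_header, name=COOKIE):
    """Extract one cookie value from a Set-Cookie header string."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    return jar[name].value if name in jar else None


def pre_login_id_survives(store, rotate):
    """True if the id known before login is authenticated after login."""
    pre_sid = store.new_session()                   # id issued to an anonymous visitor
    header = store.login(pre_sid, "alice", rotate)  # the user then authenticates
    post_sid = cookie_value(header)
    assert store.whoami(post_sid) == "alice"        # login itself must succeed
    return store.whoami(pre_sid) == "alice"


if __name__ == "__main__":
    print("no rotation, old id still valid:", pre_login_id_survives(SessionStore(), False))
    print("rotation,    old id still valid:", pre_login_id_survives(SessionStore(), True))
```

The same comparison (session cookie value before login versus after login) can be run against a deployed application's responses to confirm that the upgrade took effect.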
Evidence notes
The CVE-2009-10007 vulnerability has a CVSS score of 9.1 and is classified as CRITICAL.
Official resources
- CVE-2009-10007 CVE record (CVE.org)
- CVE-2009-10007 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 9b29abf9-4ab0-4765-b253-1875cd9b441e
- Source reference: af854a3a-2127-422b-91ae-364da2661108
CVE-2009-10007 was published on 2026-06-09T09:16:27.183Z and modified on 2026-06-09T16:16:33.090Z.