CVE-2009-10007: Catalyst::Plugin::Authentication Session Fixation
ID: 5cc17e2d-33e5-5433-af54-7d141de1cc76
STIX ID: report--5cc17e2d-33e5-5433-af54-7d141de1cc76
Feed Name: CosmicBytez Labs
**CVE-2009-10007 — Session Fixation in Catalyst::Plugin::Authentication:** A critical (CVSS 9.1) session fixation vulnerability in Catalyst::Plugin::Authentication versions prior to 0.10_027 allows an attacker who obtains or pre-sets a session cookie to impersonate a user after that user logs in. The report explains the root cause (no session ID regeneration), the exploitation steps, the impact (full account takeover), the affected deployments, and the recommended remediation (upgrade to 0.10_027+, enforce Secure/HttpOnly cookies, shorten timeouts, and monitor sessions).
