CVE-2009-10007— Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

AI Predicted 6.5 Difficulty: Easy EPSS 0.37% · P29 Updated Jun 13, 2026

Possible ATT&CK Techniques 2AI

T1110.004 · Credential Stuffing T1078 · Valid Accounts

Affected Version Matrix 1

Vendor	Product	Version Range	Status
ETHER	Catalyst::Plugin::Authentication	`< 0.10_027`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-10007

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Source: NVD (National Vulnerability Database)

Vulnerability Description

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

会话固定

Source: NVD (National Vulnerability Database)

Vulnerability Title

Catalyst-Plugin-Authentication 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Catalyst-Plugin-Authentication是Catalyst开源的一个身份验证插件框架。 Catalyst-Plugin-Authentication 0.10_027之前版本存在授权问题漏洞，该漏洞源于认证后未自动更改会话ID，可能导致会话固定攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ETHER	Catalyst::Plugin::Authentication	0 ~ 0.10_027	-

II. Public POCs for CVE-2009-10007

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-10007

请登录查看更多情报信息。

Patches & Fixes for CVE-2009-10007 (2)

Security Blog Posts for CVE-2009-10007 (1)

🔗 Catalyst::Plugin::Session - Generic Session plugin - ties together server side storage and client side state required to maintain session data. - metacpan.org Read full article

https://nvd.nist.gov/vuln/detail/CVE-2009-10007

IV. Related Vulnerabilities

Same product: Catalyst::Plugin::Authentication

CVE-2026-5091
Catalyst::Plugin::Authentication versions through 0.10024 fo

Same vendor: ETHER

Same weakness: CWE-384

V. Comments for CVE-2009-10007

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2009-10007— Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks

Possible ATT&CK Techniques 2AI

Affected Version Matrix 1

I. Basic Information for CVE-2009-10007

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-10007

III. Intelligence Information for CVE-2009-10007

Patches & Fixes for CVE-2009-10007 (2)

Security Blog Posts for CVE-2009-10007 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2009-10007

Leave a comment