Home / Vulnerability Intelligence / CVE-2013-10075

CVE-2013-10075 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: May 8, 2026

Apache::Session - Authentication Bypass

Published: May 8, 2026Updated: May 8, 2026Remote Exploitable

Overview

Apache::Session <= 1.94 for Perl contains a session re-creation vulnerability caused by Apache::Session::Store::File and Apache::Session::Store::DB_File re-creating deleted sessions, letting attackers potentially revive deleted session data, exploit requires crafted session manipulation.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers can revive deleted sessions, potentially accessing sensitive or stale session data.

Mitigation

Update to the latest version of Apache::Session.

References

https://rt.cpan.org/Public/Bug/Display.html?id=83525
http://www.openwall.com/lists/oss-security/2026/05/08/12

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2013-10075
Severity: Critical
CVSS Score: 9.1
Type: broken_authentication
Status: confirmed

CWE

CWE-672

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N