2 matches found
CVE-2026-3255
HTTP::Session2 (Perl) vulnerable in versions before 1.12, where the session-id generator creates a SHA-1 hash seeded with the built-in rand() output, epoch time, and the process ID. The PID comes from a small set of numbers, and the epoch time may be guessed if not leaked via HTTP Date. rand() is...
CVE-2018-25160
Summary (CVE-2018-25160) : The Perl package HTTP::Session2 (versions through 1.09) does not validate the format of user-provided session IDs, enabling potential code injection or other impact depending on the session backend. Red Hat and EU/ENISA entries corroborate that insecure session-id handl...