Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function
Vulnerability Description
HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function. The HTTP::Session2 session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand() function is unsuitable for cryptographic usage. HTTP::Session2 after version 1.02 will attempt to use the /dev/urandom device to generate a session id, but if the device is unavailable (for example, under Windows), then it will revert to the insecure method described above.
CVSS Information
N/A
Vulnerability Type
可预测问题
Vulnerability Title
HTTP::Session2 安全漏洞
Vulnerability Description
HTTP::Session2是Tokuhiro Matsuno个人开发者的一个Perl包。 HTTP::Session2 1.12之前版本存在安全漏洞,该漏洞源于使用rand函数生成弱会话ID,可能导致会话ID被预测。
CVSS Information
N/A
Vulnerability Type
N/A