Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids
Vulnerability Description
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. The distribution includes HTTP::session::ID::MD5 which contains a similar flaw, but uses the MD5 hash instead.
CVSS Information
N/A
Vulnerability Type
可预测问题
Vulnerability Title
HTTP::Session 安全漏洞
Vulnerability Description
HTTP::Session是KTAT个人开发者的一个用于Web应用中会话管理与状态维护的服务器端组件库。 HTTP::Session 0.53及之前版本存在安全漏洞,该漏洞源于默认使用不安全生成的会话ID,可能导致会话ID被猜测。
CVSS Information
N/A
Vulnerability Type
N/A