Security Advisories (1)
CVE-2025-40931 (2026-03-05)

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session ids. The default session id generator returns an MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID comes from a small set of numbers, and the epoch time can be guessed if it is not already leaked through the HTTP Date header. The built-in rand() function is unsuitable for cryptographic use. Predictable session ids could allow an attacker to gain access to systems.

NAME

Apache::Session::Serialize::UUEncode - Use Storable and pack() to zip up persistent data

SYNOPSIS

use Apache::Session::Serialize::UUEncode;

$zipped = Apache::Session::Serialize::UUEncode::serialize($ref);    # $ref: session data; $zipped: ASCII text
$ref = Apache::Session::Serialize::UUEncode::unserialize($zipped);  # rebuilds the original data structure

DESCRIPTION

This module fulfills the serialization interface of Apache::Session. It serializes the data in the session object using Storable's nfreeze() and thaw() functions together with Perl's pack() and unpack() (uuencoding). The serialized data is ASCII text, suitable for storage in backing stores that don't handle binary data gracefully, such as Postgres.
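The scheme the DESCRIPTION outlines, as an added example that is not the module's own code (the subroutine names uu_serialize, uu_unserialize and is_text_safe, and the sample session data, are assumptions made here): Storable's nfreeze() output is uuencoded with pack('u') so it fits a text-only backing store, and unpack('u') followed by thaw() recovers the original structure.

```perl
#!/usr/bin/perl
# Added illustration (not the module's own code): the serialization scheme
# the DESCRIPTION describes, reconstructed with Storable and pack('u').
use strict;
use warnings;
use Storable qw(nfreeze thaw);

# Freeze a data structure with Storable, then uuencode the binary blob so the
# result is plain ASCII that any text-only backing store can hold.
sub uu_serialize {
    my ($ref) = @_;
    return pack('u', nfreeze($ref));
}

# Reverse the steps: uudecode back to the binary blob, then thaw it.
# thaw() rebuilds whatever structure the blob describes, so only feed it data
# from a backing store you trust, as Storable's own documentation warns.
sub uu_unserialize {
    my ($zipped) = @_;
    return thaw(unpack('u', $zipped));
}

# True when every byte is printable ASCII or a newline, i.e. safe for a text column.
sub is_text_safe {
    my ($s) = @_;
    return $s =~ /\A[\x20-\x7e\n]*\z/ ? 1 : 0;
}

# Constructed sample session data, including bytes that are not valid UTF-8.
my %session = (
    _session_id => 'sample-id-not-a-real-session',
    user        => 'alice',
    roles       => [qw(editor reviewer)],
    blob        => "\x00\xff\x80binary",
);

my $zipped = uu_serialize(\%session);
printf "serialized %d bytes, ASCII-only: %s\n",
    length($zipped), is_text_safe($zipped) ? 'yes' : 'no';

my $back = uu_unserialize($zipped);
die "round trip failed" unless $back->{user} eq 'alice'
    && $back->{blob} eq $session{blob}
    && "@{$back->{roles}}" eq 'editor reviewer';
print "round trip ok\n";
```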

AUTHOR

This module was written by Jeffrey William Baker <jwbaker@acm.org>.

SEE ALSO

Apache::Session::Serialize::Storable, Apache::Session::Serialize::Base64, Apache::Session