VYPR

Apache Session Browseable

by Lemonldap Ng

Source repositories

CVEs (2)

  • CVE-2026-8503MedMay 15, 2026
    risk 0.35cvss 6.5epss 0.00

    Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the…

  • CVE-2020-36659Jan 27, 2023
    risk 0.00cvss epss 0.00

    In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction…