VYPR

Apache-Session

by Apache

Source repositories

CVEs (2)

  • CVE-2025-40931CriMar 5, 2026
    risk 0.59cvss 9.1epss 0.01

    Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID.…

  • CVE-2025-40932Feb 26, 2026
    risk 0.00cvss epss 0.00

    Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and…