CVE-2018-25160
MEDIUM 6.5
Description
HTTP::Session2 versions through 1.09 for Perl do not validate the format of user-provided session ids, enabling code injection or other impact depending on the session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject memcached commands in the session id value.
CVE details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/27/2026
Last modified: 3/18/2026
Source: nvd
Honeypot sightings: 0
Affected products
tokuhirom:http\
Weaknesses (CWE)
CWE-20
References
https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d.patch (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://metacpan.org/pod/Cache::Memcached::Fast::Safe (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.10/source/Changes (9b29abf9-4ab0-4765-b253-1875cd9b441e)
http://www.openwall.com/lists/oss-security/2026/02/27/13 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.