/ 
WebDyne-1.218
Security Advisories (1)
CVE-2026-5084 (2026-05-11)

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function. The rand function is passed a maximum value based on the process id, the epoch time and the reference address of the object, but this information will have no effect on the overall quality of the seed of the message digest. The rand function is seeded by 32-bits and is predictable. It is considered unsuitable for cryptographic purposes. Predictable session ids could allow an attacker to gain access to systems. Note that WebDyne::Session versions 1.042 and earlier appear to be in separate distributions from WebDyne.

Documentation

wdapacheinit
configure Apache to process .psp files through WebDyne
wdcompile
parse and compile WebDyne pages
wddebug
enable or disable debugging within WebDyne modules
wddump
dump the data structure of a WebDyne page in the cache directory
wdrender
parse and render WebDyne pages

Modules

WebDyne
create web pages with embedded Perl

Provides

WebDyne::Base
in lib/WebDyne/Base.pm
WebDyne::Cache
in lib/WebDyne/Cache.pm
WebDyne::Compile
in lib/WebDyne/Compile.pm
WebDyne::Constant
in lib/WebDyne/Constant.pm
WebDyne::Err
in lib/WebDyne/Err.pm
WebDyne::Err::Constant
in lib/WebDyne/Err/Constant.pm
WebDyne::HTML::TreeBuilder
in lib/WebDyne/HTML/TreeBuilder.pm
WebDyne::Handler
in lib/WebDyne/Handler.pm
WebDyne::Install
in lib/WebDyne/Install.pm
WebDyne::Install::Apache
in lib/WebDyne/Install/Apache.pm
WebDyne::Install::Apache::Constant
in lib/WebDyne/Install/Apache/Constant.pm
WebDyne::Install::Constant
in lib/WebDyne/Install/Constant.pm
WebDyne::Request::Fake
in lib/WebDyne/Request/Fake.pm
WebDyne::Static
in lib/WebDyne/Static.pm
WebDyne::TieHandle
in lib/WebDyne.pm

Other files