Security Advisories (1)

CVE-2026-5084 (2026-05-11)

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function. The rand function is passed a maximum value based on the process id, the epoch time and the reference address of the object, but this information will have no effect on the overall quality of the seed of the message digest. The rand function is seeded by 32-bits and is predictable. It is considered unsuitable for cryptographic purposes. Predictable session ids could allow an attacker to gain access to systems. Note that WebDyne::Session versions 1.042 and earlier appear to be in separate distributions from WebDyne.

Name

wdapacheinit - configure Apache to process .psp files through WebDyne

Synopsis

wdapacheinit [options]

Options

-?, --help Show brief help message

--man: Display the manual page
--uname: The user name that the Apache daemon runs under when started, e.g. "varname", "httpd", "apache" etc.
--gname: The group name that the Apache daemons runs under when started
--httpd_bin: Full path and filename of Apache httpd executable, e.g./opt/apache/bin/httpd
--mod_perl_lib: Full path and filename of the Apache mod_perl library, e.g. /opt/apache/lib/modules/mod_perl.so
--dir_apache_conf: Location (directory name) where the main Apache config file resides, e.g /opt/apache/etc/conf
--dir_webdyne_cache: Location (directort name) where partially compiled psp files will be cached
--silent: No output
--uninstall: Remove references to WebDyne from Apache config files

Description

wdapacheinit will attempt to locate Apache configuration files and modify them so that requests for .psp pages are processed through the perl-handler WebDyne module.

Where Apache uses a conf.d configuration file structure the installer will simply create a webdyne.conf file with the appropriate configuration int the conf.d directory. Where no conf.d structure can be found the installer will create the webdyne.conf file in the same location as the main Apachehttpd.conf file, then modify httpd.conf to append an include reference to the Webdyne config file.

The installer will attempt to locate the necessary files and other information using common defaults - however if it can not discover the required information automatically (e.g. the path to the Apache binary) it will be necessary to specify it explicitly using the appropriate command line option.

Author

Written by Andrew Speer, andrew@webdyne.org

LICENSE and COPYRIGHT

This file is part of WebDyne.

This is free software, licensed under:

The GNU General Public License, Version 2, June 1991

Full license text is available at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

To install WebDyne, copy and paste the appropriate command in to your terminal.

cpanm

cpanm WebDyne

CPAN shell

perl -MCPAN -e shell
install WebDyne

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)