7.5

CVE-2008-2107

Exploit
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 4.4.7
PhpPhp Version5
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
PhpPhp Version5.0.0 Updaterc3
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.3
PhpPhp Version5.1.4
PhpPhp Version5.1.5
PhpPhp Version5.1.6
PhpPhp Version5.2.0
PhpPhp Version5.2.1
PhpPhp Version5.2.2
PhpPhp Version5.2.3
PhpPhp Version5.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.39% 0.873
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://secunia.com/advisories/30967
http://www.mandriva.com/security/advisories?name=MDVSA-2008:126
http://www.mandriva.com/security/advisories?name=MDVSA-2008:130
http://www.mandriva.com/security/advisories?name=MDVSA-2008:125
http://secunia.com/advisories/30828
http://secunia.com/advisories/31119
http://secunia.com/advisories/31200
http://www.redhat.com/support/errata/RHSA-2008-0505.html
http://www.redhat.com/support/errata/RHSA-2008-0544.html
http://www.redhat.com/support/errata/RHSA-2008-0545.html
http://www.redhat.com/support/errata/RHSA-2008-0582.html
http://www.ubuntu.com/usn/usn-628-1
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
http://secunia.com/advisories/31124
http://www.redhat.com/support/errata/RHSA-2008-0546.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:127
http://secunia.com/advisories/32746
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://secunia.com/advisories/30757
http://www.mandriva.com/security/advisories?name=MDVSA-2008:128
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
Exploit
http://secunia.com/advisories/35003
http://securityreason.com/securityalert/3859
http://www.debian.org/security/2009/dsa-1789
http://www.mandriva.com/security/advisories?name=MDVSA-2008:129
http://www.securityfocus.com/archive/1/491683/100/0/threaded
http://www.sektioneins.de/advisories/SE-2008-02.txt
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42226
https://exchange.xforce.ibmcloud.com/vulnerabilities/42284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644