5.1

CVE-2008-4107

EPSS 10.37%
Published 18.09.2008 17:59:33
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version <= 4.4.8

Php ≫ Php Version4.0 Updatebeta1

Php ≫ Php Version4.0 Updatebeta3

Php ≫ Php Version4.0 Updaterc1

Php ≫ Php Version4.0 Updaterc2

Php ≫ Php Version4.0.0

Php ≫ Php Version4.0.1

Php ≫ Php Version4.0.1 Updatepatch1

Php ≫ Php Version4.0.1 Updatepatch2

Php ≫ Php Version4.0.2

Php ≫ Php Version4.0.3 Updatepatch1

Php ≫ Php Version4.0.4 Updatepatch1

Php ≫ Php Version4.0.5

Php ≫ Php Version4.0.6

Php ≫ Php Version4.0.7

Php ≫ Php Version4.0.7 Updaterc2

Php ≫ Php Version4.0.7 Updaterc3

Php ≫ Php Version4.0.7 Updaterc4

Php ≫ Php Version4.1.0

Php ≫ Php Version4.1.1

Php ≫ Php Version4.1.2

Php ≫ Php Version4.2 Editiondev

Php ≫ Php Version4.2.0

Php ≫ Php Version4.2.1

Php ≫ Php Version4.2.2

Php ≫ Php Version4.2.3

Php ≫ Php Version4.3.0

Php ≫ Php Version4.3.1

Php ≫ Php Version4.3.2

Php ≫ Php Version4.3.3

Php ≫ Php Version4.3.4

Php ≫ Php Version4.3.5

Php ≫ Php Version4.3.6

Php ≫ Php Version4.3.7

Php ≫ Php Version4.3.8

Php ≫ Php Version4.3.9

Php ≫ Php Version4.3.10

Php ≫ Php Version4.3.11

Php ≫ Php Version4.4.0

Php ≫ Php Version4.4.1

Php ≫ Php Version4.4.2

Php ≫ Php Version4.4.3

Php ≫ Php Version4.4.4

Php ≫ Php Version4.4.5

Php ≫ Php Version4.4.6

Php ≫ Php Version4.4.7

Php ≫ Php Version <= 5.2.5

Php ≫ Php Version5.0.0 Updatebeta1

Php ≫ Php Version5.0.0 Updatebeta2

Php ≫ Php Version5.0.0 Updatebeta4

Php ≫ Php Version5.0.0 Updaterc1

Php ≫ Php Version5.0.1

Php ≫ Php Version5.0.4

Php ≫ Php Version5.0.5

Php ≫ Php Version5.1.0

Php ≫ Php Version5.1.2

Php ≫ Php Version5.1.4

Php ≫ Php Version5.1.5

Php ≫ Php Version5.1.6

Php ≫ Php Version5.2.0

Php ≫ Php Version5.2.1

Php ≫ Php Version5.2.2

Php ≫ Php Version5.2.3

Php ≫ Php Version5.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.37%	0.93

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://www.sektioneins.de/advisories/SE-2008-02.txt

http://securityreason.com/securityalert/4271

http://www.securityfocus.com/archive/1/496237/100/0/threaded

http://www.sektioneins.de/advisories/SE-2008-04.txt

http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

http://marc.info/?l=oss-security&m=122152830017099&w=2

http://secunia.com/advisories/31737

Vendor Advisory

http://secunia.com/advisories/31870

Vendor Advisory

http://securitytracker.com/id?1020869

http://wordpress.org/development/2008/09/wordpress-262/

http://www.openwall.com/lists/oss-security/2008/09/11/6

http://www.securityfocus.com/archive/1/496287/100/0/threaded

http://www.sektioneins.de/advisories/SE-2008-05.txt

http://www.vupen.com/english/advisories/2008/2553

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.html

http://osvdb.org/48700

http://www.securityfocus.com/bid/31115

https://exchange.xforce.ibmcloud.com/vulnerabilities/45956

https://nvd.nist.gov/vuln/detail/CVE-2008-4107

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4107

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4107

EUVD