Lucene search

[email protected]NVD:CVE-2008-4102

HistorySep 18, 2008 - 5:59 p.m.

CVE-2008-4102

2008-09-1817:59:32

CWE-189

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.099 Low

EPSS

Percentile

94.9%

JSON

Joomla! 1.5 before 1.5.7 initializes PHP’s PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP’s mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.

Affected configurations

NVD

Node

joomlajoomlaMatch1.5

joomlajoomlaMatch1.5.1

joomlajoomlaMatch1.5.2

joomlajoomlaMatch1.5.3

joomlajoomlaMatch1.5.4

joomlajoomlaMatch1.5.5

joomlajoomlaMatch1.5.6

References

developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html

marc.info/?l=oss-security&m=122115344915232&w=2

marc.info/?l=oss-security&m=122118210029084&w=2

marc.info/?l=oss-security&m=122152798516853&w=2

secunia.com/advisories/31789

securityreason.com/securityalert/4271

www.securityfocus.com/archive/1/496237/100/0/threaded

www.sektioneins.de/advisories/SE-2008-04.txt

www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

exchange.xforce.ibmcloud.com/vulnerabilities/45068

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.099 Low

EPSS

Percentile

94.9%

JSON

Related for NVD:CVE-2008-4102

cvelist3 cve3 prion3 openvas2 nessus2 nvd2 freebsd1 ubuntucve1