Lucene search

[email protected]NVD:CVE-2008-4107

HistorySep 18, 2008 - 5:59 p.m.

CVE-2008-4107

2008-09-1817:59:33

CWE-189

[email protected]

web.nvd.nist.gov

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.4%

JSON

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Affected configurations

NVD

Node

phpphpRange≤4.4.8

phpphpMatch4.0beta1

phpphpMatch4.0beta3

phpphpMatch4.0rc1

phpphpMatch4.0rc2

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.1patch1

phpphpMatch4.0.1patch2

phpphpMatch4.0.2

phpphpMatch4.0.3patch1

phpphpMatch4.0.4patch1

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.0.7rc2

phpphpMatch4.0.7rc3

phpphpMatch4.0.7rc4

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2dev

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

Node

phpphpRange≤5.2.5

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.1

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.2

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

References

marc.info/?l=oss-security&m=122152830017099&w=2

osvdb.org/48700

secunia.com/advisories/31737

secunia.com/advisories/31870

securityreason.com/securityalert/4271

securitytracker.com/id?1020869

wordpress.org/development/2008/09/wordpress-262/

www.openwall.com/lists/oss-security/2008/09/11/6

www.securityfocus.com/archive/1/496237/100/0/threaded

www.securityfocus.com/archive/1/496287/100/0/threaded

www.securityfocus.com/bid/31115

www.sektioneins.de/advisories/SE-2008-02.txt

www.sektioneins.de/advisories/SE-2008-04.txt

www.sektioneins.de/advisories/SE-2008-05.txt

www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

www.vupen.com/english/advisories/2008/2553

exchange.xforce.ibmcloud.com/vulnerabilities/45956

www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.html

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

9.4 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.4%

JSON

Related for NVD:CVE-2008-4107

cve5 ubuntucve4 prion5 cvelist5 freebsd1 patchstack1 owncloud2 fedora3 nessus24 openvas38 veracode2 nvd4 oraclelinux2 redhat5 centos3 debiancve1 osv1 debian1 ubuntu1 gentoo1