Lucene search

PRIOn knowledge basePRION:CVE-2007-2728

HistoryMay 16, 2007 - 10:30 p.m.

Sql injection

2007-05-1622:30:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.4%

JSON

The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.

CPENameOperatorVersion
ubuntu_linuxeq7.04
ubuntu_linuxeq6.10
ubuntu_linuxeq6.06

Name	Operator	Version
ubuntu_linux	eq	7.04
ubuntu_linux	eq	6.10
ubuntu_linux	eq	6.06

References

blog.php-security.org/archives/80-Watching-the-PHP-CVS.html

osvdb.org/36086

secunia.com/advisories/25306

secunia.com/advisories/26102

secunia.com/advisories/26895

www.mandriva.com/security/advisories?name=MDKSA-2007:187

www.novell.com/linux/security/advisories/2007_15_sr.html

www.ubuntu.com/usn/usn-485-1

www.vupen.com/english/advisories/2007/1839

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.4%

JSON

Related for PRION:CVE-2007-2728