Lucene search

PRIOn knowledge basePRION:CVE-2008-2107

HistoryMay 07, 2008 - 9:20 p.m.

Design/Logic Flaw

2008-05-0721:20:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

CPENameOperatorVersion
phpeq5.1.5
phpeq5.1.2
phpeq5.1.1
phpeq5.0.0 beta1
phpeq5.1.6
phpeq5.2.2
phpeq5.0.5
phpeq5.0.1
phpeq5.1.4
phpeq5.0.4

Name	Operator	Version
php	eq	5.1.5
php	eq	5.1.2
php	eq	5.1.1
php	eq	5.0.0 beta1
php	eq	5.1.6
php	eq	5.2.2
php	eq	5.0.5
php	eq	5.0.1
php	eq	5.1.4
php	eq	5.0.4

Rows per page:

1-10 of 251

References

archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html

lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

secunia.com/advisories/30757

secunia.com/advisories/30828

secunia.com/advisories/30967

secunia.com/advisories/31119

secunia.com/advisories/31124

secunia.com/advisories/31200

secunia.com/advisories/32746

secunia.com/advisories/35003

security.gentoo.org/glsa/glsa-200811-05.xml

securityreason.com/securityalert/3859

www.debian.org/security/2009/dsa-1789

www.mandriva.com/security/advisories?name=MDVSA-2008:125

www.mandriva.com/security/advisories?name=MDVSA-2008:126

www.mandriva.com/security/advisories?name=MDVSA-2008:127

www.mandriva.com/security/advisories?name=MDVSA-2008:128

www.mandriva.com/security/advisories?name=MDVSA-2008:129

www.mandriva.com/security/advisories?name=MDVSA-2008:130

www.redhat.com/support/errata/RHSA-2008-0505.html

www.redhat.com/support/errata/RHSA-2008-0544.html

www.redhat.com/support/errata/RHSA-2008-0545.html

www.redhat.com/support/errata/RHSA-2008-0546.html

www.redhat.com/support/errata/RHSA-2008-0582.html

www.securityfocus.com/archive/1/491683/100/0/threaded

www.sektioneins.de/advisories/SE-2008-02.txt

www.ubuntu.com/usn/usn-628-1

exchange.xforce.ibmcloud.com/vulnerabilities/42226

exchange.xforce.ibmcloud.com/vulnerabilities/42284

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644

www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html

www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Related for PRION:CVE-2008-2107