Lucene search

MitreCVE-2008-2107

HistoryMay 07, 2008 - 9:20 p.m.

CVE-2008-2107

2008-05-0721:20:00

CWE-189

mitre

web.nvd.nist.gov

php

generate_seed

vulnerability

nvd

rand function

mt_rand function

context-dependent attackers

protection mechanisms

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.5

Confidence

High

EPSS

0.016

Percentile

87.4%

JSON

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

Affected configurations

Nvd

Node

phpphpRange≤4.4.7

phpphpMatch5

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
phpphp5cpe:2.3:a:php:php:5:*:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
phpphp5.0.1cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
phpphp5.0.2cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	*	cpe:2.3:a:php:php::::::::
php	php	5	cpe:2.3:a:php:php:5:::::::*
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:beta1::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:beta2::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:beta3::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:rc1::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:rc2::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:rc3::::::
php	php	5.0.1	cpe:2.3:a:php:php:5.0.1:::::::*
php	php	5.0.2	cpe:2.3:a:php:php:5.0.2:::::::*