Lucene search
Ubuntu.comUB:CVE-2007-2727HistoryMay 16, 2007 - 12:00 a.m.
CVE-2007-2727
2007-05-1600:00:00
ubuntu.com
ubuntu.com
23
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS
0.007
Percentile
80.7%
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7,
5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with
an uninitialized seed variable and therefore always generates the same
initialization vector (IV), which might allow context-dependent attackers
to decrypt certain data more easily because of the guessable encryption
keys.
Bugs
Related
redhatcve
redhatcve
CVE-2007-2727
2015-10-30 09:44:00
cve
cve
CVE-2007-2727
2007-05-16 22:30:00
CVE-2007-2728
2007-05-16 22:30:00
cvelist
cvelist
CVE-2007-2727
2007-05-16 22:00:00
CVE-2007-2728
2007-05-16 22:00:00
prion
prion
Code injection
2007-05-16 22:30:00
Sql injection
2007-05-16 22:30:00
nvd
nvd
CVE-2007-2727
2007-05-16 22:30:00
CVE-2007-2728
2007-05-16 22:30:00
ubuntucve
ubuntucve
CVE-2007-2728
2007-05-16 00:00:00
vulnrichment
vulnrichment
CVE-2007-2728
2007-05-16 22:00:00
openvas
openvas
SLES9: Security update for PHP4
2009-10-10 00:00:00
SLES9: Security update for PHP4
2009-10-10 00:00:00
Mandriva Update for php MDKSA-2007:187 (php)
2009-04-09 00:00:00
nessus
nessus
SuSE9 Security Update : PHP4 (YOU Patch Number 11666)
2009-09-24 00:00:00
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)
2007-12-13 00:00:00
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)
2007-10-17 00:00:00
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS
0.007
Percentile
80.7%
Related for UB:CVE-2007-2727