4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
18.1%
PHP is vulnerable to Insufficient Random Numbers. The vulnerability is due to the SOAP HTTP Digest authentication using uninitialized memory as the nonce from the client which gets sent to the server, but this uninitialized memory is insufficiently random. An attacker can exploit this flaw to guess the client nonce, resulting in sensitive information disclosure.