CVE-2010-1128

{"id": "CVE-2010-1128", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-03-26T20:30:00.877", "references": [{"url": "http://secunia.com/advisories/38708", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42410", "source": "cve@mitre.org"}, {"url": "http://www.php.net/ChangeLog-5.php", "source": "cve@mitre.org"}, {"url": "http://www.php.net/releases/5_2_13.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0919.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/38430", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0479", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/3081", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function."}, {"lang": "es", "value": "El Linear Congruential Generator (LCG) en PHP anteriores a v5.2.13 no provee la entrop\u00eda esperada, lo que hace m\u00e1s f\u00e1cil para atacantes dependiendo del contexto adivinar valores que deber\u00edan ser impredecibles, como se demostr\u00f3 con cookies de sesi\u00f3n generadas utilizando la funci\u00f3n uniqid."}], "lastModified": "2010-12-10T06:39:13.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "438EC66E-3D70-4780-AC53-22F850818612", "versionEndIncluding": "5.2.12"}, {"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99"}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3"}, {"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17"}, {"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B"}, {"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F"}, {"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103"}, {"criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3"}, {"criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC"}, {"criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426"}, {"criteria": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "635F3CB1-B042-43CC-91AB-746098018D8C"}, {"criteria": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F32DDF-17A3-45B5-9227-833EBEBD3923"}, {"criteria": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CDFB7E9-8510-430F-BFBC-FD811D60DC78"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=577582\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/", "lastModified": "2010-04-14T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}