Vulnerability Description
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Empire Server | Empire Server | <= 4.3.11 |
Related Weaknesses (CWE)
References
- http://freshmeat.net/projects/empserver/?branch_id=22267&release_id=280745Patch
- http://sourceforge.net/project/shownotes.php?group_id=24031&release_id=600111Patch
- http://www.securityfocus.com/bid/30152
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43653
- http://freshmeat.net/projects/empserver/?branch_id=22267&release_id=280745Patch
- http://sourceforge.net/project/shownotes.php?group_id=24031&release_id=600111Patch
- http://www.securityfocus.com/bid/30152
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43653
FAQ
What is CVE-2008-3168?
CVE-2008-3168 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
How severe is CVE-2008-3168?
CVE-2008-3168 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3168?
Check the references section above for vendor advisories and patch information. Affected products include: Empire Server Empire Server.