Vulnerability Description
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function. The LCG is what lcg_value() returns and what uniqid() appends as its "more entropy" suffix when called with $more_entropy = true, so tokens built from either function inherit its weakness.
CVSS Score
6.4 (MEDIUM)
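The following is an added example, not code from the advisory or from the PHP project. It shows the uniqid()-based token pattern the description refers to beside a hardened replacement that reads from the OS CSPRNG, plus a version check that encodes only the affected range this page lists (PHP 5.2.x up to 5.2.12). Function names are hypothetical. Note that even on a patched PHP, uniqid() is a timestamp-derived identifier, not a cryptographic random source, so the hardened form is the right choice regardless of version.

```php
<?php
// Added example (not from the advisory or the PHP project): the weak
// uniqid()-based session-token pattern named in CVE-2010-1128, beside a
// hardened replacement and an advisory-range version check.
// Function names below are hypothetical.

declare(strict_types=1);

// WEAK: uniqid() is the current microsecond timestamp rendered in hex; with
// $more_entropy = true it appends a suffix computed from lcg_value(), the
// combined LCG whose seeding CVE-2010-1128 concerns. Hashing the result
// hides its structure but adds no entropy. Kept here only as the "before".
function weak_session_token(): string
{
    return md5(uniqid('', true));
}

// HARDENED: draw the token from the operating system's CSPRNG.
// random_bytes() (PHP >= 7.0) throws if no secure source is available,
// so callers never silently receive a weak value.
function strong_session_token(int $bytes = 32): string
{
    if ($bytes < 16) {
        throw new InvalidArgumentException('session tokens need at least 128 bits');
    }
    return bin2hex(random_bytes($bytes));
}

// Pre-7.0 builds: openssl_random_pseudo_bytes() with its $crypto_strong
// out-parameter checked, because it can hand back bytes from a weak source.
function strong_session_token_legacy(int $bytes = 32): string
{
    $strong = false;
    $raw = openssl_random_pseudo_bytes($bytes, $strong);
    if ($raw === false || $strong !== true) {
        throw new RuntimeException('no cryptographically strong random source available');
    }
    return bin2hex($raw);
}

// Version gate encoding only the range this advisory lists: PHP 5.2.x before
// 5.2.13 (Affected Products: <= 5.2.12). Other release branches are not
// covered by this check.
function php_version_in_advisory_range(string $version = PHP_VERSION): bool
{
    return version_compare($version, '5.2.0', '>=')
        && version_compare($version, '5.2.13', '<');
}

if (php_version_in_advisory_range()) {
    fwrite(STDERR, 'PHP ' . PHP_VERSION
        . " is in the CVE-2010-1128 affected range; upgrade to 5.2.13 or later\n");
}

echo strong_session_token(), PHP_EOL;
```

Run it with the PHP CLI on the build you deploy; the warning on stderr fires only for the 5.2.0 to 5.2.12 range the advisory covers, and the token printed comes from random_bytes(), not from the LCG.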
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | <= 5.2.12 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/38708 (Vendor Advisory)
- http://secunia.com/advisories/42410
- http://www.php.net/ChangeLog-5.php
- http://www.php.net/releases/5_2_13.php (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0919.html
- http://www.securityfocus.com/bid/38430 (Exploit)
- http://www.vupen.com/english/advisories/2010/0479 (Patch, Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/3081
FAQ
What is CVE-2010-1128?
CVE-2010-1128 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
How severe is CVE-2010-1128?
CVE-2010-1128 has been rated MEDIUM with a CVSS base score of 6.4/10. This page lists only the base score; no per-metric vector breakdown is provided here.
Is there a patch for CVE-2010-1128?
Yes. The fix shipped in PHP 5.2.13; see the php.net 5.2.13 release notes and ChangeLog in the references, and the Red Hat erratum RHSA-2010-0919 for vendor packages. Affected product: PHP, versions up to and including 5.2.12.