CVE-2010-1128

EUVD-2010-1159
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.2.12
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
dapper
Fixed 5.1.2-1ubuntu3.19
released
hardy
Fixed 5.2.4-2ubuntu5.12
released
intrepid
ignored
jaunty
Fixed 5.2.6.dfsg.1-3ubuntu4.6
released
karmic
Fixed 5.2.10.dfsg.1-2ubuntu6.5
released
lucid
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/38708
http://secunia.com/advisories/42410
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_13.php
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://www.securityfocus.com/bid/38430
http://www.vupen.com/english/advisories/2010/0479
http://www.vupen.com/english/advisories/2010/3081
http://secunia.com/advisories/38708
http://secunia.com/advisories/42410
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_13.php
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://www.securityfocus.com/bid/38430
http://www.vupen.com/english/advisories/2010/0479
http://www.vupen.com/english/advisories/2010/3081