CVE-2010-1128

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
phpphp
𝑥
≤ 5.2.12
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
lucid
not-affected
karmic
Fixed 5.2.10.dfsg.1-2ubuntu6.5
released
jaunty
Fixed 5.2.6.dfsg.1-3ubuntu4.6
released
intrepid
ignored
hardy
Fixed 5.2.4-2ubuntu5.12
released
dapper
Fixed 5.1.2-1ubuntu3.19
released
Common Weakness Enumeration
References
http://secunia.com/advisories/38708
http://secunia.com/advisories/42410
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_13.php
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://www.securityfocus.com/bid/38430
http://www.vupen.com/english/advisories/2010/0479
http://www.vupen.com/english/advisories/2010/3081
http://secunia.com/advisories/38708
http://secunia.com/advisories/42410
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_13.php
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://www.securityfocus.com/bid/38430
http://www.vupen.com/english/advisories/2010/0479
http://www.vupen.com/english/advisories/2010/3081