← volver
CVE-2008-4107

CVE-2008-4107

EPSS 3.0%
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://marc.info/?l=oss-security&m=122152830017099&w=2http://osvdb.org/48700http://secunia.com/advisories/31737http://secunia.com/advisories/31870http://securityreason.com/securityalert/4271http://securitytracker.com/id?1020869https://exchange.xforce.ibmcloud.com/vulnerabilities/45956https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.htmlhttp://wordpress.org/development/2008/09/wordpress-262/http://www.openwall.com/lists/oss-security/2008/09/11/6http://www.securityfocus.com/archive/1/496237/100/0/threaded