Описание
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 5.1.2-1ubuntu3.19 |
| devel | not-affected | 5.3.2-1ubuntu3 |
| hardy | released | 5.2.4-2ubuntu5.12 |
| intrepid | ignored | end of life, was needed |
| jaunty | released | 5.2.6.dfsg.1-3ubuntu4.6 |
| karmic | released | 5.2.10.dfsg.1-2ubuntu6.5 |
| lucid | not-affected | 5.3.2-1ubuntu3 |
| upstream | released | 5.2.13, 5.3.2 |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
EPSS
6.4 Medium
CVSS2