Description

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.

Remediation

References

CVE-2008-2107

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)

Oracle Database Server Improper Input Validation Vulnerability (CVE-2018-1000873)

WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Multiple Security Bypass Vulnerabilities (1.9.16)

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-7989)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15695)

Severity

High

Classification

CVE-2008-2107

Tags

Missing Update Known Vulnerabilities