CVE-2008-4107

Impact: Moderate
Public Date: 2008-09-11
Bugzilla: 462772: CVE-2008-4107 PHP: insecure random numbers

The MITRE CVE dictionary describes this issue as:

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Find out more about CVE-2008-4107 from the MITRE CVE dictionary and NIST NVD.
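
The description above concerns security tokens drawn from `mt_rand`. The following added example (not code from PHP, Joomla!, WordPress or Red Hat) places that weak pattern beside a token taken from the operating system's CSPRNG. All function names are hypothetical, the seed is a constructed value, and `random_bytes()` assumes PHP 7.0 or later.

```php
<?php
// Added example; function names are hypothetical and the seed is constructed.

// Weak pattern: every character comes from mt_rand(). The generator's
// output stream is fully determined by its seed, so the token is only
// as unpredictable as that seed.
function weak_reset_token(int $length = 20): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, $max)];
    }
    return $token;
}

// Hardened pattern: token bytes come from the OS CSPRNG (PHP 7.0+).
function strong_reset_token(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Keep only a hash of the issued token server-side and compare the
// presented value in constant time.
function token_matches(string $storedHash, string $presented): bool
{
    return hash_equals($storedHash, hash('sha256', $presented));
}

// Reseeding mt_rand with the same value reproduces the "random" token.
mt_srand(12345);
$first = weak_reset_token();
mt_srand(12345);
$second = weak_reset_token();
echo 'weak tokens identical after reseed: ';
var_dump($first === $second);

// The CSPRNG token has no application-visible seed to reproduce.
$issued = strong_reset_token();
$stored = hash('sha256', $issued);
echo 'issued token accepted: ';
var_dump(token_matches($stored, $issued));
echo 'unrelated token accepted: ';
var_dump(token_matches($stored, strong_reset_token()));
```
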

Statement

The risks associated with fixing this bug are greater than the security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1, 3, 4, or 5.

For more information please see our bug for this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=462772

Last Modified

CVE description copyright © 2017, The MITRE Corporation
