CVE-2011-0755
- Public Date:
- 2008-11-17
- Bugzilla:
- 674709: CVE-2011-0755 php: mt_rand() does not check that max is greater than min
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2011-0755 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat does not consider this flaw to be a security issue as arguments passed to the mt_rand function are under the full control of the script author. No trust boundary is crossed.
This flaw exists in the php53 packages versions as shipped in Red Hat Enterprise Linux 5 and the php packages versions as shipped in Red Hat Enterprise Linux 6.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 2.6 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | php | Affected |
| Red Hat Enterprise Linux 5 | php | Under investigation |
| Red Hat Enterprise Linux 5 | php53 | Affected |
| Red Hat Enterprise Linux 4 | php | Under investigation |
CVE description copyright © 2017, The MITRE Corporation
