Vulnerability Details : CVE-2008-2108
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.
Products affected by CVE-2008-2108
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Threat overview for CVE-2008-2108
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2008-2108: 17,197
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2008-2108
- 0.36%: probability of exploitation activity in the next 30 days
- ~71%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-2108
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-02-15 |
CWE ids for CVE-2008-2108
- Assigned by: nvd@nist.gov (Primary)
- The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-2108
- http://www.redhat.com/support/errata/RHSA-2008-0544.html : Support [Broken Link]
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:129 : Mandriva [Broken Link]
- http://www.debian.org/security/2009/dsa-1789 : [SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities [Mailing List]
- http://www.redhat.com/support/errata/RHSA-2008-0546.html : Support [Broken Link]
- http://www.redhat.com/support/errata/RHSA-2008-0582.html : Support [Broken Link]
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 : Mandriva [Broken Link]
- http://www.sektioneins.de/advisories/SE-2008-02.txt : 404 Not Found [Broken Link; Exploit]
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html : [SECURITY] Fedora 8 Update: php-5.2.6-2.fc8 [Mailing List]
- http://secunia.com/advisories/35003 : About Secunia Research | Flexera [Broken Link]
- http://secunia.com/advisories/30828 : About Secunia Research | Flexera [Broken Link]
- http://www.securityfocus.com/archive/1/491683/100/0/threaded [Broken Link; Third Party Advisory; VDB Entry]
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 : Mandriva [Broken Link]
- http://secunia.com/advisories/30757 : About Secunia Research | Flexera [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10844 : 404 Not Found [Broken Link]
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:130 : Mandriva [Broken Link]
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:128 : Mandriva [Broken Link]
- http://security.gentoo.org/glsa/glsa-200811-05.xml : PHP: Multiple vulnerabilities (GLSA 200811-05) — Gentoo security [Third Party Advisory]
- http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html [Broken Link; Exploit]
- http://secunia.com/advisories/31124 : About Secunia Research | Flexera [Broken Link]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42226 : PHP GENERATE_SEED() weak security CVE-2008-2108 Vulnerability Report [Third Party Advisory; VDB Entry]
- http://securityreason.com/securityalert/3859 : PHP GENERATE_SEED() Weak Random Number Seed Vulnerability - CXSecurity.com [Mailing List]
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 : Mandriva [Broken Link]
- http://www.redhat.com/support/errata/RHSA-2008-0545.html : Support [Broken Link]
- http://secunia.com/advisories/31119 : About Secunia Research | Flexera [Broken Link]
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html : [SECURITY] Fedora 9 Update: php-5.2.6-2.fc9 [Mailing List]
- http://www.ubuntu.com/usn/usn-628-1 : USN-628-1: PHP vulnerabilities | Ubuntu security notices | Ubuntu [Third Party Advisory]
- http://secunia.com/advisories/32746 : About Secunia Research | Flexera [Broken Link]
- http://secunia.com/advisories/31200 : About Secunia Research | Flexera [Broken Link]
- http://www.redhat.com/support/errata/RHSA-2008-0505.html : Support [Broken Link]