CVE-2007-2728 - The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown im

CVE-2007-2728

Summary

The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.

References

Vulnerable Configurations

cpe:2.3:a:php:php:-:*:*:*:*:*:*:*
cpe:2.3:a:php:php:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 16-08-2024 - 21:15)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

mandriva	MDKSA-2007:187
misc	http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html
osvdb	36086
secunia	25306 26102 26895
suse	SUSE-SR:2007:015
ubuntu	USN-485-1
vupen	ADV-2007-1839

Last major update

16-08-2024 - 21:15

Published

16-05-2007 - 22:30

Last modified

16-08-2024 - 21:15