CVE-2008-3072

Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/30955
http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0
http://secunia.com/advisories/30955
http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:simple_machines:simple_machines_forum::::::::
	cpe:2.3:a:simple_machines:simple_machines_forum::::::::

History

21 Nov 2024, 00:48

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/30955 -~~	() http://secunia.com/advisories/30955 -
References	~~() http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0 -~~	() http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0 -

Information

Published : 2008-07-08 18:41

Updated : 2024-11-21 00:48

NVD link : CVE-2008-3072

Mitre link : CVE-2008-3072

CVE.ORG link : CVE-2008-3072

JSON object : View

Products Affected

simple_machines

simple_machines_forum

CWE

CWE-189

Numeric Errors

NVD-CWE-noinfo

{"id": "CVE-2008-3072", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-07-08T18:41:00.000", "references": [{"url": "http://secunia.com/advisories/30955", "source": "cve@mitre.org"}, {"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30955", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}, {"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors."}, {"lang": "es", "value": "Aplicaci\u00f3n Simple Machines Forum (SMF) 1.1.x anterior a v1.1.5 y v1.0.x anterior a v1.0.13, cuando es ejecutada sobre PHP anterior a 4.2.0, no inicializa adecuadamente el generador de n\u00fameros aleatorios, que posee un impacto y vectores de ataque desconocidos."}], "lastModified": "2024-11-21T00:48:21.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E2DE6F-5256-404C-88A0-9EB9A1B7586C", "versionEndIncluding": "1.0.12"}, {"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFF60548-26B3-4213-BC8A-D8CD0D4B76C7", "versionEndIncluding": "1.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}