CVE-2010-4728

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Z

ikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.

References

Link	Resource
http://code.zikula.org/core/ticket/2009
http://code.zikula.org/core/ticket/2009

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zikula:zikula_application_framework::::::::
	cpe:2.3:a:zikula:zikula_application_framework:1.1.2:::::::*
	cpe:2.3:a:zikula:zikula_application_framework:1.2.1:::::::*
	cpe:2.3:a:zikula:zikula_application_framework:1.2.2:::::::*
	cpe:2.3:a:zikula:zikula_application_framework:1.2.3:::::::*
	cpe:2.3:a:zikula:zikula_application_framework:1.2.4:::::::*

History

21 Nov 2024, 01:21

Type	Values Removed	Values Added
References	~~() http://code.zikula.org/core/ticket/2009 -~~	() http://code.zikula.org/core/ticket/2009 -

Information

Published : 2011-02-08 22:00

Updated : 2025-04-11 00:51

NVD link : CVE-2010-4728

Mitre link : CVE-2010-4728

CVE.ORG link : CVE-2010-4728

JSON object : View

Products Affected

zikula_application_framework

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2010-4728", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-02-08T22:00:00.883", "references": [{"url": "http://code.zikula.org/core/ticket/2009", "source": "[email protected]"}, {"url": "http://code.zikula.org/core/ticket/2009", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism."}, {"lang": "es", "value": "Zikula en versiones anteriores a la 1.3.1 utiliza las funciones PHP rand y srand para la generaci\u00f3n de n\u00fameros aleatorios, lo que facilita a atacantes remotos evitar los mecanismos de protecci\u00f3n basados en la aleatorizaci\u00f3n prediciendo el valor de rotorno, como se ha demostrado con el mecanismo de protecci\u00f3n authid."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53BBBEBB-3CBD-4650-91C4-8DD0CE3C6B78", "versionEndIncluding": "1.2.5"}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F1B6758-3E03-412F-84BD-83C8B669F738"}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB69408-9D6A-475F-BB4B-E5F52465FE42"}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A76E5B1A-8CD3-40E6-B491-81F7D8B8F86A"}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6EE3D78-D9A4-4CC3-A242-232CA58C6B68"}, {"criteria": "cpe:2.3:a:zikula:zikula_application_framework:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "152E4A65-5432-4CAE-98CE-44CDD48AB6E7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}