CVE-2007-2727
Published May 16, 2007
Last updated 2 years ago
Overview
- Description
- The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Vendor comments
- Red HatNot vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack 1, or 2, as the packages shipped are not compiled with the mcrypt extension affected by this issue.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59EC31C2-497E-42A9-BC39-C33C015BA461",
"versionEndExcluding": "4.4.7",
"versionStartIncluding": "4.4.0"
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91370F42-4EA1-445E-913F-34F473CB1905",
"versionEndExcluding": "5.2.2",
"versionStartIncluding": "5.0.0"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "419867C6-37BE-43B4-BFE0-6325FEE3807D"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37896E87-95C2-4039-8362-BC03B1C56706"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8667FBC6-04B6-40E5-93B3-6C22BEED4B26"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC6A6F47-5C7C-4F82-B23B-9C959C69B27F"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE1A4DA6-6181-43A8-B0D8-5A016C3E75FF"
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E36203C-1392-49BB-AE7E-49626963D673"
},
{
"criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68"
},
{
"criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989"
},
{
"criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53"
},
{
"criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E"
},
{
"criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D"
},
{
"criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D"
},
{
"criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5245F990-B4A7-4ED8-909D-B8137CE79FAA"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3F9DF9D-15E5-4387-ABE3-A7583331A928"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11579E5C-D7CF-46EE-B015-5F4185C174E7"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C69CDE21-2FD4-4529-8F02-8709CF5E3D7E"
},
{
"criteria": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "221B9AC4-C63C-4386-B3BD-E4BC102C6124"
}
],
"operator": "OR"
}
]
}
]