CVE-2016-1902
Published Jun 1, 2016
Last updated 8 years ago
Overview
- Description
- The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87FE6482-55B8-4311-A67B-97C12626B3BF",
"versionEndIncluding": "2.3.36"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F13A190-1F97-4D7B-826A-E976934AE82B"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27770F28-584A-48E1-B885-6C6D17F546ED"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D52659E-1F0D-4319-A986-9BA512995C62"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C177DF32-F356-483C-82E5-8FCC68D89A74"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6D9461C-A049-48EC-BB3E-FD3212C82795"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F7EF330-714D-42E4-A2CF-406B84F3945B"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D86A4FF-9BD2-4B3D-A2CE-E9200A4EC690"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D6667BA-5A82-480B-AD9B-0E4CD0188458"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CFF0C34-4474-448B-8402-F9F7E6E1BA00"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3EA6C319-AE4B-419F-BCAD-57D8ACF83EA2"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00E132C9-F809-4AD9-959B-FFA8CB92780D"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83BE3955-422A-4E81-9B81-4C2484E5C335"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.6.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26EA6AA5-619A-4511-B2F6-4F1BA359FFC9"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABCF4EF8-5251-46B4-9B53-44783CD82082"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A03AAA02-DB58-42C5-B4A6-C2608CDB7123"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7DA4FA9-AED8-4CCB-85E4-6D0BF6776FC2"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32021069-B447-40B2-BBF9-0D2CFDE8ECC5"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38F01C2E-5A1B-441A-B58C-C450AA1C1410"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "660AA98C-4E93-4D8B-A4EC-A94E24DCDB9E"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "388F9E94-C2C1-4010-97DA-B008E89D500F"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F89AEFB-7D2C-46EF-B0FF-D8C1B636EB30"
},
{
"criteria": "cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA6F1CF5-F8A5-43E2-B9C4-912A0583E558"
}
],
"operator": "OR"
}
]
}
]