CVE-2010-4728
Published 2011-02-08
Priority: P4 · Severity: medium · CVSS 2.0 base score: 5 (vector AV:N/AC:L/Au:N/C:N/I:P/A:N)
EPSS: 0.95% (56.7th percentile)
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zikula | zikula_application_framework | <= 1.2.5 | — |
The remaining five ranges in this record carry no version data.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-4728 CVE-2011-0535 CVE-2011-0911 zikula various flaws [fedora-all]
bugzilla · 2011-02-09 · CVSS 5.0 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=676450
Please note: this issue affects multipl
Bugzilla
CVE-2010-4728 zikula: predictable random number generation
bugzilla · 2011-02-09 · CVSS 5.0 · MEDIUM
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4728 to
the following vulnerability:
Name: CVE-2010-4728
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4728
Assigned: 20110208
Reference: http://code.zikula.org/core/ticket/2009
Zikula before 1.3.1 uses the rand and srand PHP functions for random
number generation, which makes it easier for remote attackers to
defeat protection mechanisms based on randomization by predicting a
return value, as demonstrated by the authid protection mechanism.
Discussion:
Created zikula tracking bugs for this issue
Affects: fedora-all [bug 676457]
Affects: epel-all [bug 676458]
Bugzilla
CVE-2010-4728 CVE-2011-0535 CVE-2011-0911 zikula various flaws [epel-all]
bugzilla · 2011-02-09 · CVSS 5.0 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=676450
Please note: this issue affects multiple