CVE-2016-1902 in Symfonyالمعلومات

الملخص

بحسب MITRE

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

14/01/2016

إفشاء

01/06/2016

الاعتدال

تمت الموافقة

إدخال

VDB-87699

CPE

جاهز

CWE

CWE-310 (مؤكد)

CVSS

7.5 (NVD)

EPSS

0.00397

KEV

لا

النشاطات

منخفض جدًا

القطاع

Telecommunication, Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-1902
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-1902
CVE Details	https://www.cvedetails.com/cve/CVE-2016-1902/

التالي ▸نظرة عامة ◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!