vendor:
PHP
by:
Unknown
7.5
CVSS
HIGH
LCG Entropy
330
CWE
Product Name: PHP
Affected Version From: PHP versions prior to 5.2.13
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:php:php
Platforms Tested:
2010
PHP LCG Entropy Vulnerability
The PHP LCG (Linear Congruential) entropy vulnerability allows attackers to steal sessions or other sensitive data.
Mitigation:
Upgrade to PHP version 5.2.13 or later.