The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
PHP 5.2.4
PHP 5.2.3
PHP 5.2.2
PHP 5.2.1
PHP 5.2.0
PHP PHP 5.1.6
PHP PHP 5.1.5
PHP 5.1.4
PHP PHP 5.1.3
PHP PHP 5.1.2
PHP PHP 5.1.1
PHP PHP 5.1.0
PHP PHP 5.0.5
PHP PHP 5.0.4
PHP PHP 5.0.3
PHP PHP 5.0.2
PHP PHP 5.0.1
PHP PHP 5.0.0 RC3
PHP PHP 5.0.0 RC2
PHP PHP 5.0.0 RC1
PHP PHP 5.0.0 Beta3
PHP PHP 5.0.0 Beta2
PHP PHP 5.0.0 Beta1
Php Php 5 (not an official CPE)
PHP PHP 4.4.7