Unrated severityNVD Advisory· Published Mar 26, 2010· Updated Jun 16, 2026
CVE-2010-1128
CVE-2010-1128
Description
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.2.12
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
- (no CPE)range: <5.2.13
Patches
Vulnerability mechanics
References
8- www.vupen.com/english/advisories/2010/0479nvdPatchVendor Advisory
- www.securityfocus.com/bid/38430nvdExploit
- secunia.com/advisories/38708nvdVendor Advisory
- www.php.net/releases/5_2_13.phpnvdVendor Advisory
- secunia.com/advisories/42410nvd
- www.php.net/ChangeLog-5.phpnvd
- www.redhat.com/support/errata/RHSA-2010-0919.htmlnvd
- www.vupen.com/english/advisories/2010/3081nvd
News mentions
0No linked articles in our index yet.