7.8

CVE-2009-4295

EPSS 0.37%
Published 11.12.2009 16:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Ray Server Software Version4.0 Editionlinux

Sun ≫ Ray Server Software Version4.0 Editionsparc

Sun ≫ Ray Server Software Version4.0 Editionx86

Sun ≫ Ray Server Software Version4.1 Editionlinux

Sun ≫ Ray Server Software Version4.1 Editionsparc

Sun ≫ Ray Server Software Version4.1 Editionx86

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.56

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:C/I:N/A:N

http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-07-1

Patch

http://www.vupen.com/english/advisories/2009/3477

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1

Vendor Advisory

http://www.securityfocus.com/bid/37285

Patch

https://nvd.nist.gov/vuln/detail/CVE-2009-4295

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-4295

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-4295

EUVD