7.8
CVE-2009-4295
- EPSS 1.43%
- Veröffentlicht 11.12.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sun ≫ Ray Server Software Version4.0 Editionlinux
Sun ≫ Ray Server Software Version4.0 Editionsparc
Sun ≫ Ray Server Software Version4.0 Editionx86
Sun ≫ Ray Server Software Version4.1 Editionlinux
Sun ≫ Ray Server Software Version4.1 Editionsparc
Sun ≫ Ray Server Software Version4.1 Editionx86
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.43% | 0.695 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-07-1
http://www.vupen.com/english/advisories/2009/3477
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1
http://www.securityfocus.com/bid/37285