Lucene search

[email protected]CVE-2009-4295

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-4295

2022-10-0316:24:03

CWE-310

[email protected]

web.nvd.nist.gov

cve-2009-4295

sun ray server software

dsa private key

firmware

remote attackers

network traffic

security vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.4%

JSON

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.

Affected configurations

NVD

Node

sunray_server_softwareMatch4.0linux

sunray_server_softwareMatch4.0sparc

sunray_server_softwareMatch4.0x86

sunray_server_softwareMatch4.1linux

sunray_server_softwareMatch4.1sparc

sunray_server_softwareMatch4.1x86

CPENameOperatorVersion
sun:ray_server_softwaresun ray server softwareeq4.0
sun:ray_server_softwaresun ray server softwareeq4.1

CPE	Name	Operator	Version
sun:ray_server_software	sun ray server software	eq	4.0
sun:ray_server_software	sun ray server software	eq	4.1

References

sunsolve.sun.com/search/document.do?assetkey=1-21-127553-07-1

sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1

www.securityfocus.com/bid/37285

www.vupen.com/english/advisories/2009/3477

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.4%

JSON

Related for CVE-2009-4295

nvd1 cvelist1 prion1 nessus1