CVE-2009-4295
Published Dec 11, 2009
Last updated 15 years ago
Overview
- Description
- Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:ray_server_software:4.0:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2621BD59-0ED4-402E-98EB-0F643078F4CB"
},
{
"criteria": "cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAE615D0-41D5-46DD-86D4-B226068C58A5"
},
{
"criteria": "cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B17D330-9E56-478F-A2C2-D4524B04CC5C"
},
{
"criteria": "cpe:2.3:a:sun:ray_server_software:4.1:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C97EBE67-896D-4E65-808D-0FA5B1F7274D"
},
{
"criteria": "cpe:2.3:a:sun:ray_server_software:4.1:*:sparc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0348F9F9-4ED5-4454-A9EB-B0E93E400D61"
},
{
"criteria": "cpe:2.3:a:sun:ray_server_software:4.1:*:x86:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B8D2C71-24C3-4670-91F0-BE54E8DD1622"
}
],
"operator": "OR"
}
]
}
]