AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2009-4295: Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 1

infovulnerability

security

Source: NVD/CVE DatabaseDecember 11, 2009CVE-2009-4295

Summary

Sun Ray Server Software versions 4.0 and 4.1 fail to create unique DSA private keys (cryptographic codes used to encrypt data) for each Sun Ray device, making it easier for attackers to predict these keys and decrypt network traffic they intercept. This vulnerability affects Sun Ray 1, 1g, 100, and 150 DTU (desktop terminal unit, a thin client device) models.

Vulnerability Details

CVSS Score

7.8

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-310

Original source: https://nvd.nist.gov/vuln/detail/CVE-2009-4295

First tracked: February 15, 2026 at 08:46 PM

Classified by LLM (prompt v3) · confidence: 95%