CVE

Id
38909  
CVE No.
CVE-2009-1474  
Status
Candidate  
Description
The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.  
Phase
Assigned (20090428)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
427264 38909 CVE-2009-1474 BUGTRAQ:20090526 Multiple vulnerabilities in several ATEN IP KVM Switches  View
427265 38909 CVE-2009-1474 URL:http://www.securityfocus.com/archive/1/archive/1/503827/100/0/threaded  View
427266 38909 CVE-2009-1474 BID:35108  View
427267 38909 CVE-2009-1474 URL:http://www.securityfocus.com/bid/35108  View
427268 38909 CVE-2009-1474 SECUNIA:35241  View
427269 38909 CVE-2009-1474 URL:http://secunia.com/advisories/35241  View
427270 38909 CVE-2009-1474 XF:aten-kvm-mouse-weak-security(50850)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
40280 JVNDB-2009-001286 Sun Solaris の DTrace ioctl ハンドラにおけるサービス運用妨害 (DoS) の脆弱性 Sun Solaris の DTrace ioctl ハンドラには、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。 CVE-2009-1478 38909 4.9 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001286.html  View