CVE-2009-2856

CWE-200 — Information Exposure3 documents3 sources

Severity

3.5LOW

EPSS

0.2%

top 57.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Virtual Desktop Infrastructure

Timeline

PublishedAug 18

Latest updateMay 2

Description

Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDsun/virtual_desktop_infrastructure3.0

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-cp92-4h8q-cwwj: Sun Virtual Desktop Infrastructure (VDI) 3↗2022-05-02

▶

CVEList

CVE-2009-2856: Sun Virtual Desktop Infrastructure (VDI) 3↗2009-08-18

▶