CVE-2009-3923

CWE-287Improper Authentication3 documents3 sources
Severity
7.5HIGH
EPSS
0.6%
top 29.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SUN Virtual Desktop InfrastructureSUN Virtualbox
Timeline
PublishedNov 10
Latest updateMay 2

Description

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDsun/virtualbox2.0.10, 2.0.8+1

Patches

Patch: sunsolve.sun.comPatch: www.securityfocus.comPatch: sunsolve.sun.com

🔴Vulnerability Details

2
GHSA
GHSA-9862-4m47-452h: The VirtualBox 22022-05-02
CVEList
CVE-2009-3923: The VirtualBox 22009-11-10
CVE-2009-3923 (HIGH CVSS 7.5) | The VirtualBox 2.0.8 and 2.0.10 web | cvebase.io