CVE-2009-3923

EUVD-2009-3894
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
sunvirtual_desktop_infrastructure
3.0
sunvirtualbox
2.0.8
sunvirtualbox
2.0.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1
http://www.securityfocus.com/bid/36917
https://exchange.xforce.ibmcloud.com/vulnerabilities/54136
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1
http://www.securityfocus.com/bid/36917
https://exchange.xforce.ibmcloud.com/vulnerabilities/54136