CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3923
https://notcve.org/view.php?id=CVE-2009-3923
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server. El servicio Web de VirtualBox v2.0.8 y v2.0.10 en Sun Virtual Desktop Infrastructure (VDI) v3.0 no requiere autenticación, lo que permite a atacantes remotos conseguir acceso no especificado a través de vectores que implican peticiones al servidor Apache HTTP Server. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1 http://www.securityfocus.com/bid/36917 https://exchange.xforce.ibmcloud.com/vulnerabilities/54136 • CWE-287: Improper Authentication •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2856
https://notcve.org/view.php?id=CVE-2009-2856
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network. Sun Virtual Desktop Infrastructure (VDI) v3.0, cuando la vinculación anónima esta activada, no se maneja adecuadamente el intento del cliente de establecer una conexión cifrada y autenticada, lo que permitiría a atacantes remotos leer las peticiones de datos de configuración mediante el escaneo de las sesiones de LDAP en la red. • http://secunia.com/advisories/36330 http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1 http://www.vupen.com/english/advisories/2009/2282 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •