CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3923
https://notcve.org/view.php?id=CVE-2009-3923
10 Nov 2009 — The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server. El servicio Web de VirtualBox v2.0.8 y v2.0.10 en Sun Virtual Desktop Infrastructure (VDI) v3.0 no requiere autenticación, lo que permite a atacantes remotos conseguir acceso no especificado a través de vectores que implican peticiones al servidor Apache HTTP Server. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-2856
https://notcve.org/view.php?id=CVE-2009-2856
18 Aug 2009 — Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network. Sun Virtual Desktop Infrastructure (VDI) v3.0, cuando la vinculación anónima esta activada, no se maneja adecuadamente el intento del cliente de establecer una conexión cifrada y autenticada, lo que permi... • http://secunia.com/advisories/36330 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •