CVE-2009-3923

{"id": "CVE-2009-3923", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-11-10T00:30:00.420", "references": [{"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36917", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54136", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/36917", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54136", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server."}, {"lang": "es", "value": "El servicio Web de VirtualBox v2.0.8 y v2.0.10 en Sun Virtual Desktop Infrastructure (VDI) v3.0 no requiere autenticaci\u00f3n, lo que permite a atacantes remotos conseguir acceso no especificado a trav\u00e9s de vectores que implican peticiones al servidor Apache HTTP Server."}], "lastModified": "2024-11-21T01:08:31.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:virtual_desktop_infrastructure:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13508CBB-9253-40A6-9CC9-5CD5535A35DD"}, {"criteria": "cpe:2.3:a:sun:virtualbox:2.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6456F012-E72B-4622-BFD1-F95FEDA6E446"}, {"criteria": "cpe:2.3:a:sun:virtualbox:2.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0003E19C-EBAA-488F-B3F0-E2CFB283FBDD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}