CVE-2009-3733

EXPLOITED

Vmware Esx - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Justin Morehouse · remotemultiple

https://www.exploit-db.com/exploits/33310

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vmware/vmware_server_dir_trav.rb

View Code ZIP pw:eip

References (10)

[Patch, Vendor Advisory] http://lists.vmware.com/pipermail/security-announce/2009/000069.html

[Broken Link] http://secunia.com/advisories/37186

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201209-25.xml

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023088

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023089

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/507523/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36842

[Patch, Vendor Advisory] http://www.vmware.com/security/advisories/VMSA-2009-0015.html

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2009/3062

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822

Scores

EPSS 0.9006

EPSS Percentile 99.6%

Details

VulnCheck KEV 2025-02-27

CWE

CWE-22

Status published

Products (17)

vmware/esx 3.0.3

vmware/esx 3.5

vmware/esxi 3.5

vmware/server 1.0

vmware/server 1.0.1

vmware/server 1.0.1_build_29996

vmware/server 1.0.2

vmware/server 1.0.3

vmware/server 1.0.4

vmware/server 1.0.4_build_56528

... and 7 more

Published Nov 02, 2009

Tracked Since Feb 18, 2026