CVE-2009-3923

VirtualBox <2.0.8-2.0.10 - Info Disclosure

Title source: llm

Description

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.

References (4)

[Patch, Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1

[Patch] http://www.securityfocus.com/bid/36917

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/54136

Scores

EPSS 0.0062

EPSS Percentile 69.8%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

sun/virtual_desktop_infrastructure

sun/virtualbox

Timeline

Published Nov 10, 2009

Tracked Since Feb 18, 2026