CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3923

HIGH
7.5
CVSS Severity Score
EPSS Score0.0960%
EPSS Percentile31.17th
PublishedNov 10, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.

Affected Platforms (CPE)

πŸ“¦
Sun

Virtual Desktop Infrastructure

= 3.0
πŸ“¦
Sun

Virtualbox

= 2.0.8
πŸ“¦
Sun

Virtualbox

= 2.0.10

References & Advisories

πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1
πŸ”— http://www.securityfocus.com/bid/36917
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/54136
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-03-1
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1
πŸ”— http://www.securityfocus.com/bid/36917
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/54136

Related Vulnerabilities

CVE-2011-35713.6

Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authent...

CVE-2009-28563.5

Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to es...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...