CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-2856

LOW
3.5
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile38.94th
Published2009年8月18日
Last Modified2026年4月23日

Vulnerability Description

Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.

Affected Platforms (CPE)

📦
Sun

Virtual Desktop Infrastructure

= 3.0

References & Advisories

🔗 http://secunia.com/advisories/36330
🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1
🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1
🔗 http://www.vupen.com/english/advisories/2009/2282
🔗 http://secunia.com/advisories/36330
🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1
🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1
🔗 http://www.vupen.com/english/advisories/2009/2282

関連する脆弱性情報

CVE-2009-39237.5

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which...

CVE-2011-35713.6

Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authent...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...