Authentication Bypass in Sun Virtual Desktop Infrastructure Web Service
CVE-2009-3923

Currently unrated

Key Information:

Vendor: Oracle
Status: Virtualbox; Virtual Desktop Infrastructure
Vendor: CVE Published:; 10 November 2009

Summary

The web service component of Sun Virtual Desktop Infrastructure (VDI) versions 3.0, particularly in VirtualBox versions 2.0.8 and 2.0.10, contains a critical vulnerability that enables remote attackers to exploit the system due to lack of authentication. By sending crafted requests to the Apache HTTP Server, an attacker can gain unauthorized access to sensitive functionalities or data within the VDI environment, ultimately compromising the security of the entire system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/54136

vdb-entryx_refsource_XF

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 10, 2009
Vulnerability Reserved
Nov 9, 2009