Unrated severityNVD Advisory· Published Nov 10, 2009· Updated Apr 23, 2026

CVE-2009-3923

Description

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.

Affected products

Sun Corporation/Virtualbox2 versions
cpe:2.3:a:sun:virtualbox:2.0.10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sun:virtualbox:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:virtualbox:2.0.8:*:*:*:*:*:*:*
Sun Corporation/Virtual Desktop Infrastructure
cpe:2.3:a:sun:virtual_desktop_infrastructure:3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sunsolve.sun.com/search/document.donvdPatchVendor Advisory
www.securityfocus.com/bid/36917nvdPatch
sunsolve.sun.com/search/document.donvd
exchange.xforce.ibmcloud.com/vulnerabilities/54136nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000