Lucene search

[email protected]CVE-2009-2856

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-2856

2022-10-0316:24:06

CWE-200

[email protected]

web.nvd.nist.gov

cve-2009-2856

sun

virtual desktop infrastructure

vdi

anonymous binding

ldap

network security

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.8%

JSON

Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client’s attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.

Affected configurations

NVD

Node

sunvirtual_desktop_infrastructureMatch3.0

AND

sunsolarisMatch10.0x86

Node

sunvirtual_desktop_infrastructureMatch3.0

AND

sunsolarisMatch10.0sparc

CPENameOperatorVersion
sun:virtual_desktop_infrastructuresun virtual desktop infrastructureeq3.0

CPE	Name	Operator	Version
sun:virtual_desktop_infrastructure	sun virtual desktop infrastructure	eq	3.0

References

secunia.com/advisories/36330

sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1

sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1

www.vupen.com/english/advisories/2009/2282

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for CVE-2009-2856

prion1 nvd1 cvelist1