CVE-2009-2856

Опубликовано: 18 авг. 2009

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.

Ссылки

http://secunia.com/advisories/36330
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2282
Patch
Vendor Advisory
http://secunia.com/advisories/36330
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2282
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:sun:virtual_desktop_infrastructure:3.0:*:*:*:*:*:*:*

cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:sun:virtual_desktop_infrastructure:3.0:*:*:*:*:*:*:*

cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*

EPSS

Процентиль: 42%

0.00201

Низкий

3.5 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-cp92-4h8q-cwwj

github

почти 4 года назад