Vulnerability Details : CVE-2009-3733
Public exploit exists!
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
Vulnerability category: Directory traversal
Products affected by CVE-2009-3733
- cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.4_build_56528:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3733
90.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2009-3733
-
VMware Server Directory Traversal Vulnerability
First seen: 2020-04-26auxiliary/scanner/vmware/vmware_server_dir_travThis modules exploits the VMware Server Directory Traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files. Common VMware s
CVSS scores for CVE-2009-3733
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2009-3733
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3733
-
http://securitytracker.com/id?1023089
GoDaddy Domain Name SearchThird Party Advisory;VDB Entry
-
http://securitytracker.com/id?1023088
GoDaddy Domain Name SearchThird Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2009/3062
Webmail: access your OVH emails on ovhcloud.com | OVHcloud UKPatch;Vendor Advisory
-
http://www.vmware.com/security/advisories/VMSA-2009-0015.html
VMSA-2009-0015Patch;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822
404 Not FoundThird Party Advisory
-
http://www.securityfocus.com/archive/1/507523/100/0/threaded
Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/37186
About Secunia Research | FlexeraBroken Link
-
http://www.securityfocus.com/bid/36842
VMware Products Directory Traversal VulnerabilityThird Party Advisory;VDB Entry
-
http://security.gentoo.org/glsa/glsa-201209-25.xml
VMware Player, Server, Workstation: Multiple vulnerabilities (GLSA 201209-25) — Gentoo securityThird Party Advisory
-
http://lists.vmware.com/pipermail/security-announce/2009/000069.html
502 Bad GatewayPatch;Vendor Advisory
Jump to