Vulnerability details: VCID-97wy-acxg-aaac
Vulnerability ID VCID-97wy-acxg-aaac
Aliases CVE-2009-3733
Summary Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
Status Published
Exploitability 2.0
Weighted Severity 4.5
Risk 9.0
System Score Found at
epss 0.90429 https://api.first.org/data/v1/epss?cve=CVE-2009-3733
epss 0.9058 https://api.first.org/data/v1/epss?cve=CVE-2009-3733
epss 0.90675 https://api.first.org/data/v1/epss?cve=CVE-2009-3733
epss 0.95536 https://api.first.org/data/v1/epss?cve=CVE-2009-3733
epss 0.95658 https://api.first.org/data/v1/epss?cve=CVE-2009-3733
epss 0.96550 https://api.first.org/data/v1/epss?cve=CVE-2009-3733
epss 0.96664 https://api.first.org/data/v1/epss?cve=CVE-2009-3733
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2009-3733
Reference id Reference type URL
http://lists.vmware.com/pipermail/security-announce/2009/000069.html
https://api.first.org/data/v1/epss?cve=CVE-2009-3733
http://secunia.com/advisories/37186
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securitytracker.com/id?1023088
http://securitytracker.com/id?1023089
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7822
http://www.securityfocus.com/archive/1/507523/100/0/threaded
http://www.securityfocus.com/bid/36842
http://www.vmware.com/security/advisories/VMSA-2009-0015.html
http://www.vupen.com/english/advisories/2009/3062
cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.4_build_56528:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.4_build_56528:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vmware:server:1.0.9:*:*:*:*:*:*:*
CVE-2009-3733 https://nvd.nist.gov/vuln/detail/CVE-2009-3733
CVE-2009-3733;OSVDB-59440 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33310.nse
CVE-2009-3733;OSVDB-59440 Exploit https://www.securityfocus.com/bid/36842/info
GLSA-201209-25 https://security.gentoo.org/glsa/201209-25
Data source Exploit-DB
Date added Oct. 27, 2009
Description VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal
Ransomware campaign use Known
Source publication date Oct. 27, 2009
Exploit type remote
Platform multiple
Source update date May 12, 2014
Source URL https://www.securityfocus.com/bid/36842/info
Data source Metasploit
Description This module exploits the VMware Server directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5, which allows remote attackers to read arbitrary files. Common VMware server ports: 80/8222 and 443/8333 (SSL). If you want to download the entire VM, check out the gueststealer tool.
Note
Stability:
  - crash-safe
SideEffects:
  - ioc-in-logs
Reliability: []
Ransomware campaign use Unknown
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/vmware/vmware_server_dir_trav.rb
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2009-3733
Exploitability (E): high, functional, unproven, proof_of_concept, not_defined
Access Vector (AV): local, adjacent_network, network
Access Complexity (AC): high, medium, low
Authentication (Au): multiple, single, none
Confidentiality Impact (C): none, partial, complete
Integrity Impact (I): none, partial, complete
Availability Impact (A): none, partial, complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.9957
EPSS Score 0.90429
Published At June 20, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.