Same Origin Policy Violation in Multiple Clientless SSL VPN Products
CVE-2009-2631

Currently unrated

Key Information:

Vendor

Sonicwall
Status
E-class Ssl Vpn
Ssl Vpn
Stonegate
Adaptive Security Appliance
Vendor
CVE Published:
4 December 2009

What is CVE-2009-2631?

Various clientless SSL VPN products, when misconfigured, allow attackers to exploit a fundamental design flaw facilitating unauthorized content retrieval from remote URLs. This flaw violates the same-origin policy, potentially allowing cross-site scripting (XSS) attacks, unauthorized access to internal resources, and exploitation of user sessions. Remote attackers can read cookies from different domains, perform keylogging, and engage in a range of malicious actions, posing serious risks to organizational security.

References

http://secunia.com/advisories/37786
third-party-advisoryx_refsource_SECUNIA
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/...
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/508164/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2009-2631 : Same Origin Policy Violation in Multiple Clientless SSL VPN Products