Same Origin Policy Violation in Multiple Clientless SSL VPN Products
CVE-2009-2631

Currently unrated

Key Information:

Vendor

Cisco
Status
Adaptive Security Appliance Web Ssl Vpn
Pan Os Web Ssl Vpn
Vendor
CVE Published:
4 December 2009

What is CVE-2009-2631?

Various clientless SSL VPN products, when misconfigured, allow attackers to exploit a fundamental design flaw facilitating unauthorized content retrieval from remote URLs. This flaw violates the same-origin policy, potentially allowing cross-site scripting (XSS) attacks, unauthorized access to internal resources, and exploitation of user sessions. Remote attackers can read cookies from different domains, perform keylogging, and engage in a range of malicious actions, posing serious risks to organizational security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Adaptive Security Appliance Web SSL VPN *

PAN OS Web SSL VPN *

References

https://www.kb.cert.org/vuls/id/261869
https://security.paloaltonetworks.com/PAN-SA-2025-0005

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.