CVE - CVE-2009-2631

CVE-ID
CVE-2009-2631	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:37152 URL:http://www.securityfocus.com/bid/37152 BUGTRAQ:20091202 Same-origin policy bypass vulnerabilities in several VPN products reported URL:http://www.securityfocus.com/archive/1/508164/100/0/threaded CERT-VN:VU#261869 URL:http://www.kb.cert.org/vuls/id/261869 CONFIRM:http://kb.juniper.net/KB15799 CONFIRM:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744 CONFIRM:http://www.sonicwall.com/us/2123_14882.html CONFIRM:http://www.sonicwall.com/us/2123_14883.html CONFIRM:http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html CONFIRM:http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf FULLDISC:20060608 SSL VPNs and security URL:http://seclists.org/fulldisclosure/2006/Jun/238 FULLDISC:20060609 Re: SSL VPNs and security URL:http://seclists.org/fulldisclosure/2006/Jun/269 FULLDISC:20060609 Re: SSL VPNs and security URL:http://seclists.org/fulldisclosure/2006/Jun/270 SECTRACK:1023255 URL:http://securitytracker.com/id?1023255 SECUNIA:37696 URL:http://secunia.com/advisories/37696 SECUNIA:37786 URL:http://secunia.com/advisories/37786 SECUNIA:37788 URL:http://secunia.com/advisories/37788 SECUNIA:37789 URL:http://secunia.com/advisories/37789 VUPEN:ADV-2009-3567 URL:~~http://www.vupen.com/english/advisories/2009/3567~~ (Obsolete source) VUPEN:ADV-2009-3568 URL:~~http://www.vupen.com/english/advisories/2009/3568~~ (Obsolete source) VUPEN:ADV-2009-3569 URL:~~http://www.vupen.com/english/advisories/2009/3569~~ (Obsolete source) VUPEN:ADV-2009-3570 URL:~~http://www.vupen.com/english/advisories/2009/3570~~ (Obsolete source) VUPEN:ADV-2009-3571 URL:~~http://www.vupen.com/english/advisories/2009/3571~~ (Obsolete source) XF:sslvpn-sameorigin-security-bypass(54523) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/54523
Assigning CNA
CERT/CC
Date Record Created
20090728	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090728)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)