[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Same-origin policy bypass vulnerabilities in several VPN products reported

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Same-origin policy bypass vulnerabilities in several VPN products reported
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Wed, 2 Dec 2009 13:51:14 +0200 (EET)

Vulnerabilities in several clientless SSL VPN products have been reported.

Gathering authentication cookies etc. is reportedly possible.
At time of writing US-CERT's advisory lists the status of about 90 vendors.

US-CERT Vulnerability Note VU#261869:
http://www.kb.cert.org/vuls/id/261869
Severity metric is remarkable high: 45,00.

This issue is CVE-2009-2631.

Juha-Matti

Prev by Date: [ GLSA 200912-01 ] OpenSSL: Multiple vulnerabilities
Next by Date: Secunia Research: Lateral Arts Photobox uploader ActiveX Control Buffer Overflow
Previous by thread: [ GLSA 200912-01 ] OpenSSL: Multiple vulnerabilities
Next by thread: Secunia Research: Lateral Arts Photobox uploader ActiveX Control Buffer Overflow
Index(es):
- Date
- Thread