TUCoPS :: HP Unsorted S :: bt-22071.htm

TUCoPS :: HP Unsorted S :: bt-22071.htm
Same-origin policy bypass vulnerabilities in several VPN products reported

Same-origin policy bypass vulnerabilities in several VPN products reported Same-origin policy bypass vulnerabilities in several VPN products reported


Vulnerabilities in several clientless SSL VPN products have been reported.

Gathering authentication cookies etc. is reportedly possible.
At time of writing US-CERT's advisory lists the status of about 90 vendors.

US-CERT Vulnerability Note VU#261869:
http://www.kb.cert.org/vuls/id/261869 
Severity metric is remarkable high: 45,00.

This issue is CVE-2009-2631.

Juha-Matti