Podatność CVE-2009-2631


Publikacja: 2009-12-04   Modyfikacja: 2012-02-13

Opis:
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Med.
Same-origin policy bypass vulnerabilities in several VPN
Juha-Matti Lauri...
08.12.2009

Typ:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
6.8/10
6.4/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Częściowy
Częściowy
Affected software
Stonesoft -> Stonegate 
Sonicwall -> E-class ssl vpn 
Sonicwall -> Ssl vpn 
Cisco -> Adaptive security appliance 
Aladdin -> Safenet securewire access gateway 

 Referencje:
http://kb.juniper.net/KB15799
http://seclists.org/fulldisclosure/2006/Jun/238
http://seclists.org/fulldisclosure/2006/Jun/269
http://seclists.org/fulldisclosure/2006/Jun/270
http://securitytracker.com/id?1023255
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744
http://www.kb.cert.org/vuls/id/261869
http://www.securityfocus.com/archive/1/508164/100/0/threaded
http://www.securityfocus.com/bid/37152
http://www.sonicwall.com/us/2123_14882.html
http://www.sonicwall.com/us/2123_14883.html
http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html
http://www.vupen.com/english/advisories/2009/3567
http://www.vupen.com/english/advisories/2009/3568
http://www.vupen.com/english/advisories/2009/3569
http://www.vupen.com/english/advisories/2009/3570
http://www.vupen.com/english/advisories/2009/3571
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54523

Copyright 2024, cxsecurity.com

 

Back to Top