Back to list
Same-origin policy bypass vulnerabilities in several VPN products reported
Dec 02 2009 11:51AM
Juha-Matti Laurio (juha-matti laurio netti fi)
Vulnerabilities in several clientless SSL VPN products have been reported.
Gathering authentication cookies etc. is reportedly possible.
At time of writing US-CERT's advisory lists the status of about 90 vendors.
US-CERT Vulnerability Note VU#261869:
Severity metric is remarkable high: 45,00.
This issue is CVE-2009-2631.
[ reply ]
Copyright 2010, SecurityFocus