Multiple Vendor Clientless SSL VPN Products Same Origin Policy Bypass Vulnerability

Bugtraq ID: 37152
Class: Design Error
CVE: CVE-2009-2631
Remote: Yes
Local: No
Published: Nov 30 2009 12:00AM
Updated: Dec 16 2009 01:53PM
Credit: David Warren and Ryan Giobbi, Michal Zalewski
Vulnerable: Sun Java System Portal Server 6.3.1
Sun Java System Portal Server 7.2
Sun Java System Portal Server 7.1
Sun Java System Portal Server 7.0
Sun Java System Portal Server 7
Stonesoft StoneGate SSL VPN Engine 1.4
Stonesoft StoneGate SSL VPN Engine 1.3.1
Stonesoft StoneGate SSL VPN Engine 1.1
SonicWALL SSL-VPN 4000 3.5 5
SonicWALL SSL-VPN 4000 3.5 4
SonicWALL SSL-VPN 2000 3.5 5
SonicWALL SSL-VPN 2000 3.5 4
SonicWALL SSL-VPN 200 3.0 9
SonicWALL SSL-VPN 200 3.0 8
SonicWALL SSL-RX 4.0 .18
SonicWALL SSL-R6 4.0 .18
SonicWALL SSL-R3 4.0 .18
SonicWALL SSL-R 4.0 .18
SonicWALL SSL VPN 200 2.1
SonicWALL SSL VPN 1.3 3
SonicWALL SSL VPN 2.5
Nortel Networks CallPilot 703t
Nortel Networks CallPilot 600r
Nortel Networks CallPilot 202i
Nortel Networks CallPilot 201i
Nortel Networks CallPilot 1005r
Nortel Networks CallPilot 1002rp
Juniper Networks Secure Access 700 0
Juniper Networks Secure Access 6500 0
Juniper Networks Secure Access 6000 SP 6000
Juniper Networks Secure Access 6000 (NetScreen-SA 5000 Series) 0
Juniper Networks Secure Access 4500 0
Juniper Networks Secure Access 4000 (NetScreen-SA 3000 Series) 0
Juniper Networks Secure Access 2500 0
Juniper Networks Secure Access 2000 0
Juniper Networks SA700 SSL VPN 0
Citrix NetScaler Access Gateway Enterprise Edition 9.0
Citrix NetScaler Access Gateway Enterprise Edition 8.1
Citrix Access Gateway Enterprise Edition 9.1
Citrix Access Gateway Enterprise Edition 9.0
Citrix Access Gateway Advanced Edition 4.5.5
Citrix Access Gateway Advanced Edition 4.5 HF2
Citrix Access Gateway Advanced Edition 4.5
Cisco Clientless SSL VPN (WebVPN) 0
Cisco Adaptive Security Appliance 8.2.1 3
Cisco Adaptive Security Appliance 8.2.1
Cisco Adaptive Security Appliance 8.1.2
Cisco Adaptive Security Appliance 8.0.2 11
Cisco Adaptive Security Appliance 8.1.2.25
Cisco Adaptive Security Appliance 8.1(2)19
Cisco Adaptive Security Appliance 8.1 (2)14
Cisco Adaptive Security Appliance 8.0.4.34
Cisco Adaptive Security Appliance 8.0(4)
Cisco Adaptive Security Appliance 8.0
Cisco Adaptive Security Appliance 7.2.2.34
Cisco Adaptive Security Appliance 7.2
Cisco Adaptive Security Appliance 7.1.2.61
Cisco Adaptive Security Appliance 7.1
Not Vulnerable:

Copyright 2010, SecurityFocus