6.8

CVE-2009-2631

EPSS 0.96%
Published 04.12.2009 11:30:00
Last modified 16.06.2025 21:15:22
Source cret@cert.org
Teams watchlist Login
Open Login

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks.  NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design

Affected products Warnungen 0 Metrics 2 CWE 1 References 28

Data is provided by the National Vulnerability Database (NVD)

Aladdin ≫ Safenet Securewire Access Gateway

Cisco ≫ Adaptive Security Appliance

Sonicwall ≫ E-class Ssl Vpn

Sonicwall ≫ Ssl Vpn

Stonesoft ≫ Stonegate

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.96%	0.758

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://kb.juniper.net/KB15799

http://seclists.org/fulldisclosure/2006/Jun/238

http://seclists.org/fulldisclosure/2006/Jun/269

http://seclists.org/fulldisclosure/2006/Jun/270

http://secunia.com/advisories/37696

Vendor Advisory

http://secunia.com/advisories/37786

Vendor Advisory

http://secunia.com/advisories/37788

Vendor Advisory

http://secunia.com/advisories/37789

Vendor Advisory

http://securitytracker.com/id?1023255

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744

http://www.kb.cert.org/vuls/id/261869

US Government Resource

http://www.securityfocus.com/archive/1/508164/100/0/threaded

http://www.securityfocus.com/bid/37152

http://www.sonicwall.com/us/2123_14882.html

Vendor Advisory

http://www.sonicwall.com/us/2123_14883.html

Vendor Advisory

http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html

Vendor Advisory

http://www.vupen.com/english/advisories/2009/3567

Vendor Advisory

http://www.vupen.com/english/advisories/2009/3568

Vendor Advisory

http://www.vupen.com/english/advisories/2009/3569

Vendor Advisory

http://www.vupen.com/english/advisories/2009/3570

Vendor Advisory

http://www.vupen.com/english/advisories/2009/3571

Vendor Advisory

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf

https://exchange.xforce.ibmcloud.com/vulnerabilities/54523

https://security.paloaltonetworks.com/PAN-SA-2025-0005

https://www.kb.cert.org/vuls/id/261869

https://nvd.nist.gov/vuln/detail/CVE-2009-2631

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2631

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2631

EUVD