AOH :: HP Unsorted S :: BT-22071.HTM

Same-origin policy bypass vulnerabilities in several VPN products reported



Same-origin policy bypass vulnerabilities in several VPN products reported
Same-origin policy bypass vulnerabilities in several VPN products reported



Vulnerabilities in several clientless SSL VPN products have been reported.

Gathering authentication cookies etc. is reportedly possible.
At time of writing US-CERT's advisory lists the status of about 90 vendors.

US-CERT Vulnerability Note VU#261869:
http://www.kb.cert.org/vuls/id/261869 
Severity metric is remarkable high: 45,00.

This issue is CVE-2009-2631.

Juha-Matti

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.