Bugtraq mailing list archives
Same-origin policy bypass vulnerabilities in several VPN products reported
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Wed, 2 Dec 2009 13:51:14 +0200 (EET)
Vulnerabilities in several clientless SSL VPN products have been reported. Gathering authentication cookies etc. is reportedly possible. At time of writing US-CERT's advisory lists the status of about 90 vendors. US-CERT Vulnerability Note VU#261869: http://www.kb.cert.org/vuls/id/261869 Severity metric is remarkable high: 45,00. This issue is CVE-2009-2631. Juha-Matti
Current thread:
- Same-origin policy bypass vulnerabilities in several VPN products reported Juha-Matti Laurio (Dec 02)