ID
VAR-E-200911-0275
CVE
| cve_id: | CVE-2009-2631 | Trust: 0.3 |
TITLE
Same-origin policy bypass vulnerabilities in several VPN
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | nortel | model: | networks callpilot 1002rp | scope: | - | version: | - | Trust: 0.6 |
| vendor: | sun | model: | java system portal server | scope: | eq | version: | 6.3.1 | Trust: 0.3 |
| vendor: | sun | model: | java system portal server | scope: | eq | version: | 7.2 | Trust: 0.3 |
| vendor: | sun | model: | java system portal server | scope: | eq | version: | 7.1 | Trust: 0.3 |
| vendor: | sun | model: | java system portal server | scope: | eq | version: | 7.0 | Trust: 0.3 |
| vendor: | sun | model: | java system portal server | scope: | eq | version: | 7 | Trust: 0.3 |
| vendor: | stonesoft | model: | stonegate ssl vpn engine | scope: | eq | version: | 1.4 | Trust: 0.3 |
| vendor: | stonesoft | model: | stonegate ssl vpn engine | scope: | eq | version: | 1.3.1 | Trust: 0.3 |
| vendor: | stonesoft | model: | stonegate ssl vpn engine | scope: | eq | version: | 1.1 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | eq | version: | 40003.55 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | eq | version: | 40003.54 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | eq | version: | 20003.55 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | eq | version: | 20003.54 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | eq | version: | 2003.09 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-vpn | scope: | eq | version: | 2003.08 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-rx | scope: | eq | version: | 4.0.18 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-r6 | scope: | eq | version: | 4.0.18 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-r3 | scope: | eq | version: | 4.0.18 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl-r | scope: | eq | version: | 4.0.18 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl vpn | scope: | eq | version: | 2002.1 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl vpn | scope: | eq | version: | 1.33 | Trust: 0.3 |
| vendor: | sonicwall | model: | ssl vpn | scope: | eq | version: | 2.5 | Trust: 0.3 |
| vendor: | nortel | model: | networks callpilot 703t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | nortel | model: | networks callpilot 600r | scope: | - | version: | - | Trust: 0.3 |
| vendor: | nortel | model: | networks callpilot 202i | scope: | - | version: | - | Trust: 0.3 |
| vendor: | nortel | model: | networks callpilot 201i | scope: | - | version: | - | Trust: 0.3 |
| vendor: | nortel | model: | networks callpilot 1005r | scope: | - | version: | - | Trust: 0.3 |
| vendor: | juniper | model: | secure access | scope: | eq | version: | 7000 | Trust: 0.3 |
| vendor: | juniper | model: | secure access | scope: | eq | version: | 65000 | Trust: 0.3 |
| vendor: | juniper | model: | secure access sp | scope: | eq | version: | 60006000 | Trust: 0.3 |
| vendor: | juniper | model: | secure access | scope: | eq | version: | 600050000 | Trust: 0.3 |
| vendor: | juniper | model: | secure access | scope: | eq | version: | 45000 | Trust: 0.3 |
| vendor: | juniper | model: | secure access | scope: | eq | version: | 400030000 | Trust: 0.3 |
| vendor: | juniper | model: | secure access | scope: | eq | version: | 25000 | Trust: 0.3 |
| vendor: | juniper | model: | secure access | scope: | eq | version: | 20000 | Trust: 0.3 |
| vendor: | juniper | model: | sa700 ssl vpn | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | citrix | model: | netscaler access gateway enterprise edition | scope: | eq | version: | 9.0 | Trust: 0.3 |
| vendor: | citrix | model: | netscaler access gateway enterprise edition | scope: | eq | version: | 8.1 | Trust: 0.3 |
| vendor: | citrix | model: | access gateway enterprise edition | scope: | eq | version: | 9.1 | Trust: 0.3 |
| vendor: | citrix | model: | access gateway enterprise edition | scope: | eq | version: | 9.0 | Trust: 0.3 |
| vendor: | citrix | model: | access gateway advanced edition | scope: | eq | version: | 4.5.5 | Trust: 0.3 |
| vendor: | citrix | model: | access gateway advanced edition hf2 | scope: | eq | version: | 4.5 | Trust: 0.3 |
| vendor: | citrix | model: | access gateway advanced edition | scope: | eq | version: | 4.5 | Trust: 0.3 |
| vendor: | cisco | model: | clientless ssl vpn | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.2.13 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.2.1 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.1.2 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.0.211 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.1.2.25 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.1(2)19 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.1(2)14 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.0.4.34 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.0(4) | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 7.2.2.34 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 7.2 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 7.1.2.61 | Trust: 0.3 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | 7.1 | Trust: 0.3 |
EXPLOIT
Vulnerabilities in several clientless SSL VPN products have been reported.
Gathering authentication cookies etc. is reportedly possible.
At time of writing US-CERT's advisory lists the status of about 90 vendors.
US-CERT Vulnerability Note VU#261869:
http://www.kb.cert.org/vuls/id/261869
Severity metric is remarkable high: 45,00.
This issue is CVE-2009-2631.
Juha-Matti
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Design Error
Trust: 0.3
EXTERNAL IDS
| db: | CERT/CC | id: | VU#261869 | Trust: 0.9 |
| db: | EDBNET | id: | 67645 | Trust: 0.6 |
| db: | NVD | id: | CVE-2009-2631 | Trust: 0.3 |
| db: | BID | id: | 37152 | Trust: 0.3 |
REFERENCES
| url: | https://www.intelligentexploit.com | Trust: 0.6 |
| url: | http://seclists.org/fulldisclosure/2006/jun/238 | Trust: 0.3 |
| url: | http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=984744 | Trust: 0.3 |
| url: | http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html | Trust: 0.3 |
| url: | http://kb.juniper.net/kb15799 | Trust: 0.3 |
| url: | http://www.kb.cert.org/vuls/id/261869 | Trust: 0.3 |
| url: | http://support.citrix.com/article/ctx123610 | Trust: 0.3 |
| url: | http://blogs.sun.com/security/entry/portal_server_is_not_vulnerable | Trust: 0.3 |
SOURCES
| db: | BID | id: | 37152 |
| db: | EDBNET | id: | 67645 |
LAST UPDATE DATE
2022-07-27T10:01:41.702000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 37152 | date: | 2009-12-16T13:53:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 37152 | date: | 2009-11-30T00:00:00 |
| db: | EDBNET | id: | 67645 | date: | 2009-12-10T00:00:00 |