CVE-2009-2631 : Détail

CVE-2009-2631

A01-Broken Access Control
1.88%V3
Network
2009-12-04
10h00 +00:00
2018-10-10
16h57 +00:00
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-264 Category : Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P [email protected]

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Products Mentioned

Configuraton 0

Aladdin>>Safenet_securewire_access_gateway >> Version *

    Cisco>>Adaptive_security_appliance >> Version *

    Sonicwall>>E-class_ssl_vpn >> Version *

      Sonicwall>>Ssl_vpn >> Version *

        Stonesoft>>Stonegate >> Version *

          Références

          http://secunia.com/advisories/37786
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.kb.cert.org/vuls/id/261869
          Tags : third-party-advisory, x_refsource_CERT-VN
          http://www.securityfocus.com/bid/37152
          Tags : vdb-entry, x_refsource_BID
          http://www.vupen.com/english/advisories/2009/3569
          Tags : vdb-entry, x_refsource_VUPEN
          http://seclists.org/fulldisclosure/2006/Jun/238
          Tags : mailing-list, x_refsource_FULLDISC
          http://securitytracker.com/id?1023255
          Tags : vdb-entry, x_refsource_SECTRACK
          http://www.vupen.com/english/advisories/2009/3571
          Tags : vdb-entry, x_refsource_VUPEN
          http://seclists.org/fulldisclosure/2006/Jun/269
          Tags : mailing-list, x_refsource_FULLDISC
          http://secunia.com/advisories/37788
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/37696
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.vupen.com/english/advisories/2009/3570
          Tags : vdb-entry, x_refsource_VUPEN
          http://kb.juniper.net/KB15799
          Tags : x_refsource_CONFIRM
          http://seclists.org/fulldisclosure/2006/Jun/270
          Tags : mailing-list, x_refsource_FULLDISC
          http://www.vupen.com/english/advisories/2009/3568
          Tags : vdb-entry, x_refsource_VUPEN
          http://www.vupen.com/english/advisories/2009/3567
          Tags : vdb-entry, x_refsource_VUPEN
          http://secunia.com/advisories/37789
          Tags : third-party-advisory, x_refsource_SECUNIA