SecurityTracker.com
SecurityTracker Archives

Category: Device (Firewall) > Cisco ASA
Vendors: Cisco
Cisco ASA Clientless SSL VPN Feature Lets Remote Users Bypass Web Browser Same-Origin Policy Restrictions
SecurityTracker Alert ID: 1023255
SecurityTracker URL: http://securitytracker.com/id/1023255
CVE Reference: CVE-2009-2631
Date: Dec 1 2009
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included: Yes

Description: A vulnerability was reported in Cisco ASA. A remote user can bypass the same-origin policy restrictions provided by the web browser.

A remote user can create specially crafted HTML that, when loaded by the target user through a clientless SSL VPN, can access the target user's cookies (including authentication cookies), if any, associated with the VPN or with arbitrary sites accessed via the VPN; read data recently submitted by the target user via web forms to those sites; or take actions on those sites as the target user.
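The description above states that a clientless SSL VPN lets content from different back-end sites escape the browser's same-origin policy. The following Python snippet is an added illustration and is not code from the advisory, from Cisco, or from US-CERT. It assumes a simplified rewriting scheme in which the portal folds each back-end site's scheme and host into its own URL path (a constructed portal host, vpn.example.net, and constructed back-end site names are used); real products encode the target differently, but the effect it demonstrates is the same: every rewritten site shares the portal's (scheme, host, port) origin, so the browser's origin checks and cookie scoping can no longer tell the sites apart.

```python
from urllib.parse import urlsplit

# Constructed portal origin; a placeholder, not a real deployment.
PORTAL = "https://vpn.example.net"


def browser_origin(url):
    """Return the (scheme, host, port) triple a browser compares for same-origin checks."""
    parts = urlsplit(url)
    default_ports = {"https": 443, "http": 80}
    port = parts.port or default_ports.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def rewrite_for_portal(url, portal=PORTAL):
    """Assumed clientless-VPN rewriting: the target's scheme and host move into the portal path.

    https://intranet.example/app?x=1 -> https://vpn.example.net/https/intranet.example/app?x=1
    """
    parts = urlsplit(url)
    rewritten = f"{portal}/{parts.scheme}/{parts.netloc}{parts.path or '/'}"
    if parts.query:
        rewritten += f"?{parts.query}"
    return rewritten


def same_origin(url_a, url_b):
    """True when a browser would treat the two URLs as the same origin."""
    return browser_origin(url_a) == browser_origin(url_b)


def distinct_origins(urls):
    """Count how many separate origins the browser sees among the given URLs."""
    return len({browser_origin(u) for u in urls})


def origin_collapse_report(site_urls, portal=PORTAL):
    """Map each back-end site to (origin when reached directly, origin when reached via the portal).

    The second element is identical for every site, which is exactly why cookies and
    scripts from one rewritten site can reach another.
    """
    return {
        url: (browser_origin(url), browser_origin(rewrite_for_portal(url, portal)))
        for url in site_urls
    }


if __name__ == "__main__":
    # Constructed sample sites, as a user might reach them through the VPN.
    sites = ["https://intranet.example/", "https://mail.example/inbox", "http://wiki.example/page?id=7"]
    for site, (direct, via_portal) in origin_collapse_report(sites).items():
        print(f"{site}\n  direct origin:     {direct}\n  via portal origin: {via_portal}")
    print("distinct origins direct:    ", distinct_origins(sites))
    print("distinct origins via portal:", distinct_origins([rewrite_for_portal(s) for s in sites]))
```

Reading the report for a real portal is a quick way to reason about exposure: any site that appears in the "via portal" column is, from the browser's point of view, the same origin as the VPN login page and as every other rewritten site, so a script from one of them can read cookies and form data belonging to the others.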

The original advisory is available at:

http://www.kb.cert.org/vuls/id/261869

David Warren and Ryan Giobbi from US-CERT reported this vulnerability, based on initial research from Michael Zalewski.

[Editor's notes: Products from several vendors are affected, including Cisco, Juniper, SafeNet, and SonicWall.]

Impact: A remote user can bypass the same-origin policy restrictions provided by the web browser to access the target user's cookies (including authentication cookies), if any, associated with the VPN or with arbitrary sites accessed via the VPN, access data recently submitted by the target user via web form to the sites, or take actions on the sites acting as the target user.
Solution: No solution was available at the time of this entry.
Vendor URL: www.cisco.com/
Cause: Access control error

Message History: None.

Source Message Contents

[Original Message Not Available for Viewing]



Copyright 2020, SecurityGlobal.net LLC