funsec mailing list archives
Same-origin policy bypass vulnerabilities in several VPN products reported
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Wed, 2 Dec 2009 13:58:18 +0200 (EET)
Vulnerabilities in several clientless SSL VPN products have been reported. Gathering authentication cookies etc. is reportedly possible. At time of writing US-CERT's advisory lists the status of about 90 vendors. US-CERT Vulnerability Note VU#261869: http://www.kb.cert.org/vuls/id/261869 It appears that severity metric is remarkable high: 45,00. Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Same-origin policy bypass vulnerabilities in several VPN products reported Juha-Matti Laurio (Dec 02)