U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2009-2631 Detail

Current Description

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design


View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://kb.juniper.net/KB15799 CVE
http://seclists.org/fulldisclosure/2006/Jun/238 CVE
http://seclists.org/fulldisclosure/2006/Jun/269 CVE
http://seclists.org/fulldisclosure/2006/Jun/270 CVE
http://secunia.com/advisories/37696 CVE Vendor Advisory 
http://secunia.com/advisories/37786 CVE Vendor Advisory 
http://secunia.com/advisories/37788 CVE Vendor Advisory 
http://secunia.com/advisories/37789 CVE Vendor Advisory 
http://securitytracker.com/id?1023255 CVE
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744 CVE
http://www.kb.cert.org/vuls/id/261869 CVE US Government Resource 
http://www.securityfocus.com/archive/1/508164/100/0/threaded CVE
http://www.securityfocus.com/bid/37152 CVE
http://www.sonicwall.com/us/2123_14882.html CVE Vendor Advisory 
http://www.sonicwall.com/us/2123_14883.html CVE Vendor Advisory 
http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html CVE Vendor Advisory 
http://www.vupen.com/english/advisories/2009/3567 CVE Vendor Advisory 
http://www.vupen.com/english/advisories/2009/3568 CVE Vendor Advisory 
http://www.vupen.com/english/advisories/2009/3569 CVE Vendor Advisory 
http://www.vupen.com/english/advisories/2009/3570 CVE Vendor Advisory 
http://www.vupen.com/english/advisories/2009/3571 CVE Vendor Advisory 
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf CVE
https://exchange.xforce.ibmcloud.com/vulnerabilities/54523 CVE
https://security.paloaltonetworks.com/PAN-SA-2025-0005 CERT/CC
https://www.kb.cert.org/vuls/id/261869 CERT/CC

Weakness Enumeration

CWE-ID CWE Name Source
CWE-264 Permissions, Privileges, and Access Controls cwe source acceptance level NIST  
CWE-284 Improper Access Control CERT/CC  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2009-2631
NVD Published Date:
12/04/2009
NVD Last Modified:
06/16/2025
Source:
CERT/CC