CVE-2009-2631— Clientless SSL VPN products break web browser domain-based security models
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2009-2631
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Clientless SSL VPN products break web browser domain-based security models
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
SSL VPN 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SSL VPN是采用SSL协议来实现远程接入的一种新型VPN技术。它包括:服务器认证,客户认证、SSL链路上的数据完整性和SSL链路上的数据保密性。 SSL VPN 存在安全漏洞,该漏洞允许远程访问攻击者进行跨站点脚本攻击、读取源自其他域的 cookie、访问 Web VPN 会话以获取内部资源的访问权限、执行密钥记录以及进行其他攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Adaptive Security Appliance Web SSL VPN | * | - | |
| Palo Alto | PAN OS Web SSL VPN | * | - |
II. Public POCs for CVE-2009-2631
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2009-2631
请登录查看更多情报信息。
- http://www.sonicwall.com/us/2123_14883.htmlx_refsource_CONFIRM
- http://www.stonesoft.com/en/support/security_advisories/2009_03_12.htmlx_refsource_CONFIRM
- http://kb.juniper.net/KB15799x_refsource_CONFIRM
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744x_refsource_CONFIRM
- http://www.sonicwall.com/us/2123_14882.htmlx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2009-2631
IV. Related Vulnerabilities
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-284
- CVE-2026-8233
Dotouch XproUPF access control - CVE-2026-42569
phpvms: /importer authorization bypass causing full database - CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets
V. Comments for CVE-2009-2631
No comments yet