Key Information Vulnerability Overview Vulnerability Name: Clientless SSL VPN products break web browser domain-based security models Vulnerability ID: VU#4201869 Release Date: 2007-07-30 Update Date: 2022-06-16 Description Issue: Clientless SSL VPN products from multiple vendors operate in a manner that breaks the web browser’s domain-based security model. Impact: Attackers can exploit these flaws to bypass the same-origin policy, accessing or modifying content from other sites (e.g., JavaScript). Impact Risk: Attackers may use specially-crafted web pages to obtain users’ sensitive information and non-media content, including cookies, scripts, and HTML content. Specific Risks: May lead to Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), and other attacks. Solution Restrict URL Rewriting to Trusted Domains: Configure the VPN server to rewrite only specific internal addresses. Restrict VPN Server Network Connections to Trusted Domains: Configure the VPN server to access only designated network domains. Disable URL Hiding Feature: Disable the Obfuscating URL Hiding feature to prevent attackers from hiding actual URLs. CVSS Metrics Base Score: 6.8 Temporal Score: 6.1 Environmental Score: 4.6 References Mozilla Documentation on Same-Origin Policy OWASP Guide on Cookie Security Additional Information CVE ID: CVE-2007-3585 API URL: https://vuln.cisecurity.org/vuln/CVE-2007-3585