Avaya VU#261869: User Manual

Source:
US-CERT Vulnerability Note on the Clientless SSL VPN
Security Issues at: http://www.kb.cert.org/vuls/id/261869
CVE-2009-2631 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2631
CERT Coordination Center CA-2000-02 is available at:
http://www.cert.org/advisories/CA-2000-02.html#impact
BULLETIN ID: 2009009920, Rev 1
PUBLISHED: 2009-12-15
STATUS: Active
REGION: All
PRIORITY: Critical
TYPE: Security Advisory
Overview:
Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security
mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks.
By convincing a user to view a specially crafted web page, a remote attacker may be able to obtain VPN session tokens
and read or modify content (including cookies, script, or HTML content) from any site accessed through the clientless SSL
VPN. This effectively eliminates same origin policy restrictions in all browsers. Because all content
runs at the privilege level of the web VPN domain, mechanisms to provide domain-based content restrictions, such as
Internet Explorer security zones and the Firefox add-on NoScript, may be bypassed. For example, the attacker may be
able to capture keystrokes while a user is interacting with a web page. For additional information about
impacts, please review CERT Advisory CA-2000-02.
There is no solution to this problem. Depending on their specific configuration and location in the network these devices
may be impossible to operate securely. Administrators are encouraged to view the workarounds detailed in the Solutions
section of the US-CERT Vulnerability Note for the following:
1. Limit URL rewriting to trusted domains
2. Block the VPN server from accessing untrusted domains
3. Disable URL hiding features
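An added illustration (not part of the Nortel bulletin or the US-CERT note): the sketch below models why rewritten content all ends up at the privilege level of the web VPN domain, and how workaround 1 could be enforced as a host allowlist. The `/proxy/<scheme>/<host>/` rewrite scheme, the host names and every function name are assumptions made for this example.

```javascript
// Added example. The rewrite scheme and all host names are constructed.
const VPN_BASE = "https://vpn.example.com"; // hypothetical clientless SSL VPN portal

// Emulates URL rewriting: every target is served from under the VPN's own host.
function rewriteThroughVpn(target) {
  const u = new URL(target);
  const scheme = u.protocol.slice(0, -1); // "https:" -> "https"
  return `${VPN_BASE}/proxy/${scheme}/${u.host}${u.pathname}${u.search}`;
}

// The same origin policy compares scheme, host and port only, never the path.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Workaround 1: rewrite only hosts inside an allowlist of trusted domains.
function isTrustedForRewrite(target, trustedDomains) {
  let u;
  try { u = new URL(target); } catch { return false; }           // unparsable: refuse
  if (u.protocol !== "https:" && u.protocol !== "http:") return false;
  if (u.username || u.password) return false;                    // no user@host forms
  const host = u.hostname.replace(/\.$/, "");                    // drop trailing dot
  return trustedDomains.some((d) => {
    const dom = d.toLowerCase();
    // Exact match or a true subdomain; a bare suffix test would accept "notexample.com".
    return host === dom || host.endsWith("." + dom);
  });
}

// Constructed sample: one internal site, one external site.
function demo() {
  const intranet = "https://intranet.example.com/mail";
  const outside = "https://untrusted.test/page";
  return {
    directSameOrigin: sameOrigin(intranet, outside),
    rewrittenSameOrigin: sameOrigin(rewriteThroughVpn(intranet), rewriteThroughVpn(outside)),
    intranetAllowed: isTrustedForRewrite(intranet, ["example.com"]),
    outsideAllowed: isTrustedForRewrite(outside, ["example.com"]),
  };
}
```

Visited directly, the two sites are isolated from each other; once both are rewritten under the portal, the browser sees a single origin, which is why the allowlist has to be applied before rewriting.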
Before taking any action please ensure that you are viewing the latest official version of this security advisory by
referencing http://www.nortel.com/securityadvisories
For more information:
Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region.
Nortel security advisories: http://nortel.com/securityadvisories
Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic
TECHNICAL SUPPORT
SECURITY ADVISORY BULLETIN
Nortel Enterprise Response to VU#261869: Clientless SSL VPN Security Issue

Table of contents

Page 2 - Resolution:

Symptoms: Please refer to the Resolution section herein for product-specific information from Nortel. Prevention: Please refer to the Resolution section

Page 3 - Page: 3 of 9

Contact Center - Remote Agent Observe. Contact Center portfolio products have no dependency on any affected Clientless SSL VPN products and the vulnera

Page 4 - Products and Releases:

Norstar Peripherals - Norstar VoIP Gateway. Clientless SSL is not used on any Norstar products. Hence, the Norstar KSUs and Norstar applications are n

Page 5 - Page: 5 of 9

BCM-BCM-BCM50 Global
BCM-BCM-BCM50 N.A.
BCM-BCM-BCM50 R2 Global
BCM-BCM-BCM50 R2 N.A.
BCM-BCM-BCM50 R3 Global
BCM-BCM-BCM50 R3 N.A.
BCM-BCM-BCM50a Global
BCM

Page 6 - Page: 6 of 9

BCM-BCM-SRG50b 3.0 Global
CallPilot-CallPilot-CallPilot 1002rp
CallPilot-CallPilot-CallPilot 1005r
CallPilot-CallPilot-CallPilot 201i
CallPilot-CallPilot-

Page 7 - Page: 7 of 9

Ethernet Rtng Switch-Ethrnt Rtng Swt 8300-Ethernet Rtng Switch 8393SF
Ethernet Rtng Switch-Ethrnt Rtng Swt 8300-Ethernet Rtng Switch 8394SF
Ethernet Rtn

Page 8 - Page: 8 of 9

Secure Ntwk Access-Switch 4000-Secure Ntwk Access Swt 4050
Secure Ntwk Access-Switch 4000-Secure Ntwk Access Swt 4070
Secure Router-1000-Secure Router 1

Page 9 - PATCH ID:

WLAN-2300-WLAN Security Switch 2382
To view the most recent version of this bulletin, access technical documentation, search our knowledge base, or to c
