CVE-2009-0628

Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service memory consumption and device crash by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block TCB leak...

CVE-2009-0626

The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service device reload or hang via a crafted HTTPS packet...

CVE-2009-0628

CVE-2009-0628 affects Cisco IOS WebVPN/SSLVPN. The vulnerability is a memory leak in SSLVPN sessions after abnormally disconnected SSL sessions, potentially exhausting memory and crashing the device. Exploitation does not require authentication. Cisco’s advisory (cisco-sa-20090325-webvpn) documen...

CVE-2009-0626

The CVE-2009-0626 entry covers Cisco IOS WebVPN/SSLVPN vulnerabilities in 12.3–12.4. A crafted HTTPS packet can cause a device reload/hang (Crash). The adjacent CVE-2009-0628 describes a memory‑leak condition in SSLVPN sessions that can exhaust memory and crash the device. Affected releases inclu...

Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software WebVPN and SSLVPN Vulnerabilities Advisory ID: cisco-sa-20090325-webvpn http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml Revision 1.0 For Public Release 2009 March 25 1600 UTC GMT -...

Cisco IOS Software WebVPN and SSLVPN Vulnerabilities

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

CVE-2007-1309

Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt...

Design/Logic Flaw

Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt...

CVE-2007-1309

Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt...

CVE-2007-1309

CVE-2007-1309 - detailed findings : The vulnerability affects Novell Access Management 3 SSLVPN Server. It allows remote authenticated users to bypass VPN restrictions by manipulating policy.txt: first set policy.txt read-only to disconnect, then modify policy.txt to alter policies. The underlyin...

Novell Access Manager SSLVPN服务器policy.txt绕过安全限制漏洞

Novell Access Manager是一个综合的Web访问管理解决方案。 Novell Access Manager在认证机制的实现上存在漏洞，客户端可能利用此漏洞绕过必要的认证获取非授权访问。 工作站连接到SSLVPN服务器并在IE中下载了ActiveX控件后，会在用户目录下创建policy.txt文件，包含有说明哪些通讯和端口可以通过VPN的规则。 如果用户将这个文件设置为只读，之后断开，然后在重新连接之前手动编辑该文件的话，就可以访问企业LAN中的任意资源。例如，更改文件包含以下内容： sslize from : 0.0.0.0 / 0 to...

Novell Access Management SSLVPN Server - Security Bypass

source: https://www.securityfocus.com/bid/22787/info Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability. A remote authenticated attacker can exploit this issue to access corporate resources normally restricted within VPN access policy. This may lead to other attack...

Novell Access Management SSLVPN Server - Security Bypass

Novell Access Management SSLVPN Server - Security Bypass source: https://www.securityfocus.com/bid/22787/info Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability. A remote authenticated attacker can exploit this issue to access corporate resources normally restricte...