Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for ssl_vpn by sonicwall

    CVE-2009-2631 (GCVE-0-2009-2631)

    Vulnerability from nvd – Published: 2009-12-04 11:00 – Updated: 2025-06-16 20:54
    VLAI
    Title
    Clientless SSL VPN products break web browser domain-based security models
    Summary
    Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/261869
    https://security.paloaltonetworks.com/PAN-SA-2025-0005
    http://secunia.com/advisories/37786 third-party-advisoryx_refsource_SECUNIAx_transferred
    http://www116.nortel.com/pub/repository/CLARIFY/D… x_refsource_CONFIRMx_transferred
    http://www.securityfocus.com/archive/1/508164/100… mailing-listx_refsource_BUGTRAQx_transferred
    http://support.nortel.com/go/main.jsp?cscat=BLTND… x_refsource_CONFIRMx_transferred
    http://www.kb.cert.org/vuls/id/261869 third-party-advisoryx_refsource_CERT-VNx_transferred
    http://www.securityfocus.com/bid/37152 vdb-entryx_refsource_BIDx_transferred
    http://www.stonesoft.com/en/support/security_advi… x_refsource_CONFIRMx_transferred
    http://www.vupen.com/english/advisories/2009/3569 vdb-entryx_refsource_VUPENx_transferred
    http://seclists.org/fulldisclosure/2006/Jun/238 mailing-listx_refsource_FULLDISCx_transferred
    http://securitytracker.com/id?1023255 vdb-entryx_refsource_SECTRACKx_transferred
    http://www.vupen.com/english/advisories/2009/3571 vdb-entryx_refsource_VUPENx_transferred
    http://seclists.org/fulldisclosure/2006/Jun/269 mailing-listx_refsource_FULLDISCx_transferred
    http://secunia.com/advisories/37788 third-party-advisoryx_refsource_SECUNIAx_transferred
    http://secunia.com/advisories/37696 third-party-advisoryx_refsource_SECUNIAx_transferred
    http://www.sonicwall.com/us/2123_14882.html x_refsource_CONFIRMx_transferred
    http://www.sonicwall.com/us/2123_14883.html x_refsource_CONFIRMx_transferred
    http://www.vupen.com/english/advisories/2009/3570 vdb-entryx_refsource_VUPENx_transferred
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XFx_transferred
    http://kb.juniper.net/KB15799 x_refsource_CONFIRMx_transferred
    http://seclists.org/fulldisclosure/2006/Jun/270 mailing-listx_refsource_FULLDISCx_transferred
    http://www.vupen.com/english/advisories/2009/3568 vdb-entryx_refsource_VUPENx_transferred
    http://www.vupen.com/english/advisories/2009/3567 vdb-entryx_refsource_VUPENx_transferred
    http://secunia.com/advisories/37789 third-party-advisoryx_refsource_SECUNIAx_transferred
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37786",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37786"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf"
              },
              {
                "name": "20091202 Same-origin policy bypass vulnerabilities in several VPN products reported",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/508164/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=984744"
              },
              {
                "name": "VU#261869",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/261869"
              },
              {
                "name": "37152",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37152"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html"
              },
              {
                "name": "ADV-2009-3569",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3569"
              },
              {
                "name": "20060608 SSL VPNs and security",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2006/Jun/238"
              },
              {
                "name": "1023255",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023255"
              },
              {
                "name": "ADV-2009-3571",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3571"
              },
              {
                "name": "20060609 Re: SSL VPNs and security",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2006/Jun/269"
              },
              {
                "name": "37788",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37788"
              },
              {
                "name": "37696",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37696"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sonicwall.com/us/2123_14882.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sonicwall.com/us/2123_14883.html"
              },
              {
                "name": "ADV-2009-3570",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3570"
              },
              {
                "name": "sslvpn-sameorigin-security-bypass(54523)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54523"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/KB15799"
              },
              {
                "name": "20060609 Re: SSL VPNs and security",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2006/Jun/270"
              },
              {
                "name": "ADV-2009-3568",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3568"
              },
              {
                "name": "ADV-2009-3567",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3567"
              },
              {
                "name": "37789",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37789"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Adaptive Security Appliance Web SSL VPN",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "product": "PAN OS Web SSL VPN",
              "vendor": "Palo Alto",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:aladdin:safenet_securewire_access_gateway:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:h:sonicwall:e-class_ssl_vpn:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:h:sonicwall:ssl_vpn:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:h:stonesoft:stonegate:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN\u0027s domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks.  NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T20:54:35.965Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "CERT/CC Advisory",
              "url": "https://www.kb.cert.org/vuls/id/261869"
            },
            {
              "name": "Vendor-Advisory",
              "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0005"
            }
          ],
          "title": "Clientless SSL VPN products break web browser domain-based security models",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2009-2631",
        "datePublished": "2009-12-04T11:00:00.000Z",
        "dateReserved": "2009-07-28T00:00:00.000Z",
        "dateUpdated": "2025-06-16T20:54:35.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5814 (GCVE-0-2007-5814)

    Vulnerability from nvd – Published: 2007-11-05 18:00 – Updated: 2024-08-07 15:47
    VLAI
    Summary
    Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/3696 vdb-entryx_refsource_VUPEN
    http://www.sec-consult.com/fileadmin/Advisories/2… x_refsource_MISC
    http://securityreason.com/securityalert/3342 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/26288 vdb-entryx_refsource_BID
    http://secunia.com/advisories/27469 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/483097/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.sec-consult.com/303.html x_refsource_MISC
    Date Public
    2007-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:47:00.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-3696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3696"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
              },
              {
                "name": "3342",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3342"
              },
              {
                "name": "26288",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26288"
              },
              {
                "name": "27469",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27469"
              },
              {
                "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
              },
              {
                "name": "sonicwall-nelaunchctrl-bo(38220)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/303.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value.  NOTE: the AddRouteEntry vector is covered by CVE-2007-5603."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-3696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3696"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
            },
            {
              "name": "3342",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3342"
            },
            {
              "name": "26288",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26288"
            },
            {
              "name": "27469",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27469"
            },
            {
              "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
            },
            {
              "name": "sonicwall-nelaunchctrl-bo(38220)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/303.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5814",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value.  NOTE: the AddRouteEntry vector is covered by CVE-2007-5603."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-3696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3696"
                },
                {
                  "name": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
                },
                {
                  "name": "3342",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3342"
                },
                {
                  "name": "26288",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26288"
                },
                {
                  "name": "27469",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27469"
                },
                {
                  "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
                },
                {
                  "name": "sonicwall-nelaunchctrl-bo(38220)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
                },
                {
                  "name": "http://www.sec-consult.com/303.html",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/303.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5814",
        "datePublished": "2007-11-05T18:00:00.000Z",
        "dateReserved": "2007-11-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:47:00.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5603 (GCVE-0-2007-5603)

    Vulnerability from nvd – Published: 2007-11-05 18:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/WDON-78K56M x_refsource_MISC
    http://www.kb.cert.org/vuls/id/298521 third-party-advisoryx_refsource_CERT-VN
    http://www.vupen.com/english/advisories/2007/3696 vdb-entryx_refsource_VUPEN
    http://www.sec-consult.com/fileadmin/Advisories/2… x_refsource_MISC
    https://www.exploit-db.com/exploits/4594 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/3342 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/26288 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1018891 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/27469 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/483097/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.sec-consult.com/303.html x_refsource_MISC
    Date Public
    2007-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/WDON-78K56M"
              },
              {
                "name": "VU#298521",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/298521"
              },
              {
                "name": "ADV-2007-3696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3696"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
              },
              {
                "name": "4594",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4594"
              },
              {
                "name": "3342",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3342"
              },
              {
                "name": "26288",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26288"
              },
              {
                "name": "1018891",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018891"
              },
              {
                "name": "27469",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27469"
              },
              {
                "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
              },
              {
                "name": "sonicwall-nelaunchctrl-bo(38220)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/303.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.kb.cert.org/vuls/id/WDON-78K56M"
            },
            {
              "name": "VU#298521",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/298521"
            },
            {
              "name": "ADV-2007-3696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3696"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
            },
            {
              "name": "4594",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4594"
            },
            {
              "name": "3342",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3342"
            },
            {
              "name": "26288",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26288"
            },
            {
              "name": "1018891",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018891"
            },
            {
              "name": "27469",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27469"
            },
            {
              "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
            },
            {
              "name": "sonicwall-nelaunchctrl-bo(38220)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/303.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2007-5603",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.kb.cert.org/vuls/id/WDON-78K56M",
                  "refsource": "MISC",
                  "url": "http://www.kb.cert.org/vuls/id/WDON-78K56M"
                },
                {
                  "name": "VU#298521",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/298521"
                },
                {
                  "name": "ADV-2007-3696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3696"
                },
                {
                  "name": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
                },
                {
                  "name": "4594",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4594"
                },
                {
                  "name": "3342",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3342"
                },
                {
                  "name": "26288",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26288"
                },
                {
                  "name": "1018891",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018891"
                },
                {
                  "name": "27469",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27469"
                },
                {
                  "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
                },
                {
                  "name": "sonicwall-nelaunchctrl-bo(38220)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
                },
                {
                  "name": "http://www.sec-consult.com/303.html",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/303.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2007-5603",
        "datePublished": "2007-11-05T18:00:00.000Z",
        "dateReserved": "2007-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2631 (GCVE-0-2009-2631)

    Vulnerability from cvelistv5 – Published: 2009-12-04 11:00 – Updated: 2025-06-16 20:54
    VLAI
    Title
    Clientless SSL VPN products break web browser domain-based security models
    Summary
    Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/261869
    https://security.paloaltonetworks.com/PAN-SA-2025-0005
    http://secunia.com/advisories/37786 third-party-advisoryx_refsource_SECUNIAx_transferred
    http://www116.nortel.com/pub/repository/CLARIFY/D… x_refsource_CONFIRMx_transferred
    http://www.securityfocus.com/archive/1/508164/100… mailing-listx_refsource_BUGTRAQx_transferred
    http://support.nortel.com/go/main.jsp?cscat=BLTND… x_refsource_CONFIRMx_transferred
    http://www.kb.cert.org/vuls/id/261869 third-party-advisoryx_refsource_CERT-VNx_transferred
    http://www.securityfocus.com/bid/37152 vdb-entryx_refsource_BIDx_transferred
    http://www.stonesoft.com/en/support/security_advi… x_refsource_CONFIRMx_transferred
    http://www.vupen.com/english/advisories/2009/3569 vdb-entryx_refsource_VUPENx_transferred
    http://seclists.org/fulldisclosure/2006/Jun/238 mailing-listx_refsource_FULLDISCx_transferred
    http://securitytracker.com/id?1023255 vdb-entryx_refsource_SECTRACKx_transferred
    http://www.vupen.com/english/advisories/2009/3571 vdb-entryx_refsource_VUPENx_transferred
    http://seclists.org/fulldisclosure/2006/Jun/269 mailing-listx_refsource_FULLDISCx_transferred
    http://secunia.com/advisories/37788 third-party-advisoryx_refsource_SECUNIAx_transferred
    http://secunia.com/advisories/37696 third-party-advisoryx_refsource_SECUNIAx_transferred
    http://www.sonicwall.com/us/2123_14882.html x_refsource_CONFIRMx_transferred
    http://www.sonicwall.com/us/2123_14883.html x_refsource_CONFIRMx_transferred
    http://www.vupen.com/english/advisories/2009/3570 vdb-entryx_refsource_VUPENx_transferred
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XFx_transferred
    http://kb.juniper.net/KB15799 x_refsource_CONFIRMx_transferred
    http://seclists.org/fulldisclosure/2006/Jun/270 mailing-listx_refsource_FULLDISCx_transferred
    http://www.vupen.com/english/advisories/2009/3568 vdb-entryx_refsource_VUPENx_transferred
    http://www.vupen.com/english/advisories/2009/3567 vdb-entryx_refsource_VUPENx_transferred
    http://secunia.com/advisories/37789 third-party-advisoryx_refsource_SECUNIAx_transferred
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "37786",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37786"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf"
              },
              {
                "name": "20091202 Same-origin policy bypass vulnerabilities in several VPN products reported",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/508164/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=984744"
              },
              {
                "name": "VU#261869",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/261869"
              },
              {
                "name": "37152",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37152"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.stonesoft.com/en/support/security_advisories/2009_03_12.html"
              },
              {
                "name": "ADV-2009-3569",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3569"
              },
              {
                "name": "20060608 SSL VPNs and security",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2006/Jun/238"
              },
              {
                "name": "1023255",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023255"
              },
              {
                "name": "ADV-2009-3571",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3571"
              },
              {
                "name": "20060609 Re: SSL VPNs and security",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2006/Jun/269"
              },
              {
                "name": "37788",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37788"
              },
              {
                "name": "37696",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37696"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sonicwall.com/us/2123_14882.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sonicwall.com/us/2123_14883.html"
              },
              {
                "name": "ADV-2009-3570",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3570"
              },
              {
                "name": "sslvpn-sameorigin-security-bypass(54523)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54523"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/KB15799"
              },
              {
                "name": "20060609 Re: SSL VPNs and security",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2006/Jun/270"
              },
              {
                "name": "ADV-2009-3568",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3568"
              },
              {
                "name": "ADV-2009-3567",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3567"
              },
              {
                "name": "37789",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37789"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Adaptive Security Appliance Web SSL VPN",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "product": "PAN OS Web SSL VPN",
              "vendor": "Palo Alto",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:aladdin:safenet_securewire_access_gateway:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:h:sonicwall:e-class_ssl_vpn:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:h:sonicwall:ssl_vpn:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:h:stonesoft:stonegate:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN\u0027s domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks.  NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T20:54:35.965Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "CERT/CC Advisory",
              "url": "https://www.kb.cert.org/vuls/id/261869"
            },
            {
              "name": "Vendor-Advisory",
              "url": "https://security.paloaltonetworks.com/PAN-SA-2025-0005"
            }
          ],
          "title": "Clientless SSL VPN products break web browser domain-based security models",
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2009-2631",
        "datePublished": "2009-12-04T11:00:00.000Z",
        "dateReserved": "2009-07-28T00:00:00.000Z",
        "dateUpdated": "2025-06-16T20:54:35.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5814 (GCVE-0-2007-5814)

    Vulnerability from cvelistv5 – Published: 2007-11-05 18:00 – Updated: 2024-08-07 15:47
    VLAI
    Summary
    Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/3696 vdb-entryx_refsource_VUPEN
    http://www.sec-consult.com/fileadmin/Advisories/2… x_refsource_MISC
    http://securityreason.com/securityalert/3342 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/26288 vdb-entryx_refsource_BID
    http://secunia.com/advisories/27469 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/483097/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.sec-consult.com/303.html x_refsource_MISC
    Date Public
    2007-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:47:00.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-3696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3696"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
              },
              {
                "name": "3342",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3342"
              },
              {
                "name": "26288",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26288"
              },
              {
                "name": "27469",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27469"
              },
              {
                "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
              },
              {
                "name": "sonicwall-nelaunchctrl-bo(38220)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/303.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value.  NOTE: the AddRouteEntry vector is covered by CVE-2007-5603."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-3696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3696"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
            },
            {
              "name": "3342",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3342"
            },
            {
              "name": "26288",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26288"
            },
            {
              "name": "27469",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27469"
            },
            {
              "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
            },
            {
              "name": "sonicwall-nelaunchctrl-bo(38220)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/303.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5814",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value.  NOTE: the AddRouteEntry vector is covered by CVE-2007-5603."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-3696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3696"
                },
                {
                  "name": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
                },
                {
                  "name": "3342",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3342"
                },
                {
                  "name": "26288",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26288"
                },
                {
                  "name": "27469",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27469"
                },
                {
                  "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
                },
                {
                  "name": "sonicwall-nelaunchctrl-bo(38220)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
                },
                {
                  "name": "http://www.sec-consult.com/303.html",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/303.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5814",
        "datePublished": "2007-11-05T18:00:00.000Z",
        "dateReserved": "2007-11-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:47:00.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5603 (GCVE-0-2007-5603)

    Vulnerability from cvelistv5 – Published: 2007-11-05 18:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/WDON-78K56M x_refsource_MISC
    http://www.kb.cert.org/vuls/id/298521 third-party-advisoryx_refsource_CERT-VN
    http://www.vupen.com/english/advisories/2007/3696 vdb-entryx_refsource_VUPEN
    http://www.sec-consult.com/fileadmin/Advisories/2… x_refsource_MISC
    https://www.exploit-db.com/exploits/4594 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/3342 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/26288 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1018891 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/27469 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/483097/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.sec-consult.com/303.html x_refsource_MISC
    Date Public
    2007-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/WDON-78K56M"
              },
              {
                "name": "VU#298521",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/298521"
              },
              {
                "name": "ADV-2007-3696",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3696"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
              },
              {
                "name": "4594",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4594"
              },
              {
                "name": "3342",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3342"
              },
              {
                "name": "26288",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26288"
              },
              {
                "name": "1018891",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018891"
              },
              {
                "name": "27469",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27469"
              },
              {
                "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
              },
              {
                "name": "sonicwall-nelaunchctrl-bo(38220)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/303.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.kb.cert.org/vuls/id/WDON-78K56M"
            },
            {
              "name": "VU#298521",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/298521"
            },
            {
              "name": "ADV-2007-3696",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3696"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
            },
            {
              "name": "4594",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4594"
            },
            {
              "name": "3342",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3342"
            },
            {
              "name": "26288",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26288"
            },
            {
              "name": "1018891",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018891"
            },
            {
              "name": "27469",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27469"
            },
            {
              "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
            },
            {
              "name": "sonicwall-nelaunchctrl-bo(38220)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/303.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2007-5603",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.kb.cert.org/vuls/id/WDON-78K56M",
                  "refsource": "MISC",
                  "url": "http://www.kb.cert.org/vuls/id/WDON-78K56M"
                },
                {
                  "name": "VU#298521",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/298521"
                },
                {
                  "name": "ADV-2007-3696",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3696"
                },
                {
                  "name": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt"
                },
                {
                  "name": "4594",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4594"
                },
                {
                  "name": "3342",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3342"
                },
                {
                  "name": "26288",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26288"
                },
                {
                  "name": "1018891",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018891"
                },
                {
                  "name": "27469",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27469"
                },
                {
                  "name": "20071101 SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALLSSL-VPN Client",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/483097/100/0/threaded"
                },
                {
                  "name": "sonicwall-nelaunchctrl-bo(38220)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38220"
                },
                {
                  "name": "http://www.sec-consult.com/303.html",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/303.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2007-5603",
        "datePublished": "2007-11-05T18:00:00.000Z",
        "dateReserved": "2007-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }