aep NETWORKS Information for VU#261869
Clientless SSL VPN products break web browser domain-based security models
- Vendor Information Help Date Notified: 06 Nov 2009
- Statement Date: 17 Dec 2009
- Date Updated: 17 Dec 2009
Regarding US-CERT Vulnerability Note VU# 261869, AEP Netilla currently mitigates exposure because of its secure design. By default, AEP Netilla is “locked down” meaning all access to and from Netilla is denied. All types of access must be explicitly granted. Thus, when a Web reverse proxy application is configured on Netilla, users cannot access the application and Netilla will not allow the connection to the application until policies that grant access are created. Details such as whether or not to allow cookies are part of the connection access policy.
Because all access to and from Netilla is denied by default, any attempt to direct a user to an attacker created web page will be denied. Netilla is also protected from the other method described in the Vulnerability Note where user key strokes are trapped in a hidden frame. When that frame attempts to send out the captured data, the data is re-written to go to Netilla where Netilla's policy checking engine will drop the data.
The vendor has not provided us with any further information regarding this vulnerability.
CERT/CC has listed AEP Networks as vulnerable because certain configurations are subject to the issues described in the note. Administrators are encouraged to review their deployment for applicability.
If you have feedback, comments, or additional information about this vulnerability, please send us email.