Request History

4 previous requests available

• Restore to current request
• nvdinfos/view/390
• cvereves/view/40756
• nvdreves/view/423381
• cvereves/view/262730

Session

• 0(null)

Request

Cake Params

• plugin(null)
• controllernvdinfos
• actionview
• named(empty)
• pass(array)
  • 049872

Post data

No post data.

Query string

No querystring data.

Cookie

To view Cookies, add CookieComponent to Controller

Current Route

• keys(array)
  • 0controller
  • 1action
• options(array)
  • defaultRoute(true)
• defaults(array)
  • plugin(null)
• template/:controller/:action/*

Sql Logs

Logs

View Variables

• nvdinfo(array)
  • Nvdinfo(array)
    • id49872
    • nameCVE-2009-2631
    • descriptionMultiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN"s domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design.
    • reject(null)
    • CVSS_version2
    • CVSS_score6.8
    • severityMedium
    • CVSS_base_score6.8
    • CVSS_impact_subscore6.4
    • CVSS_exploit_subscore8.6
    • nvd_xml_version(null)
    • CVSS_vector(AV:N/AC:M/Au:N/C:P/I:P/A:P)
    • sourcecve
    • pub_date2017-01-07
    • published2009-12-04
    • modified_date2010-12-21
    • typeCVE
    • seq2009-2631
    • deleted(null)
    • created(null)
    • modified(null)
  • Jvninfo(array)
    • 0(array)
      • id41419
      • nameJVNDB-2009-002426
      • title複数の SSL VPN (Web VPN) 製品においてウェブブラウザのセキュリティが迂回される問題
      • summary複数の SSL VPN (Web VPN) 製品には、ウェブブラウザのセキュリティメカニズムを迂回可能な問題が存在します。
      • cveinfo_nameCVE-2009-2631
      • cveinfo_id40062
      • nvdinfo_nameCVE-2009-2631
      • nvdinfo_id49872
      • cvssv26.8
      • cvssv3(null)
      • jvnurlhttp://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002426.html
      • published_date2009-12-01
      • registered_date2010-01-20
      • last_updated_date2010-01-20
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified(null)
  • Nvdref(array)
    • 0(array)
      • id252113
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referencehttp://kb.juniper.net/KB15799
      • sourceCONFIRM
      • urlhttp://kb.juniper.net/KB15799
      • deleted(null)
      • created(null)
      • modified(null)
    • 1(array)
      • id252114
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • reference20060608 SSL VPNs and security
      • sourceFULLDISC
      • urlhttp://seclists.org/fulldisclosure/2006/Jun/238
      • deleted(null)
      • created(null)
      • modified(null)
    • 2(array)
      • id252115
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • reference20060609 Re: SSL VPNs and security
      • sourceFULLDISC
      • urlhttp://seclists.org/fulldisclosure/2006/Jun/269
      • deleted(null)
      • created(null)
      • modified(null)
    • 3(array)
      • id252116
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • reference20060609 Re: SSL VPNs and security
      • sourceFULLDISC
      • urlhttp://seclists.org/fulldisclosure/2006/Jun/270
      • deleted(null)
      • created(null)
      • modified(null)
    • 4(array)
      • id252117
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • reference1023255
      • sourceSECTRACK
      • urlhttp://securitytracker.com/id?1023255
      • deleted(null)
      • created(null)
      • modified(null)
    • 5(array)
      • id252118
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referencehttp://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744
      • sourceCONFIRM
      • urlhttp://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744
      • deleted(null)
      • created(null)
      • modified(null)
    • 6(array)
      • id252119
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referenceVU#261869
      • sourceCERT-VN
      • urlhttp://www.kb.cert.org/vuls/id/261869
      • deleted(null)
      • created(null)
      • modified(null)
    • 7(array)
      • id252120
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • reference20091202 Same-origin policy bypass vulnerabilities in several VPN products reported
      • sourceBUGTRAQ
      • urlhttp://www.securityfocus.com/archive/1/archive/1/508164/100/0/threaded
      • deleted(null)
      • created(null)
      • modified(null)
    • 8(array)
      • id252121
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • reference37152
      • sourceBID
      • urlhttp://www.securityfocus.com/bid/37152
      • deleted(null)
      • created(null)
      • modified(null)
    • 9(array)
      • id252122
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referencehttp://www.sonicwall.com/us/2123_14882.html
      • sourceCONFIRM
      • urlhttp://www.sonicwall.com/us/2123_14882.html
      • deleted(null)
      • created(null)
      • modified(null)
    • 10(array)
      • id252123
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referencehttp://www.sonicwall.com/us/2123_14883.html
      • sourceCONFIRM
      • urlhttp://www.sonicwall.com/us/2123_14883.html
      • deleted(null)
      • created(null)
      • modified(null)
    • 11(array)
      • id252124
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referencehttp://www.stonesoft.com/en/support/security_advisories/2009_03_12.html
      • sourceCONFIRM
      • urlhttp://www.stonesoft.com/en/support/security_advisories/2009_03_12.html
      • deleted(null)
      • created(null)
      • modified(null)
    • 12(array)
      • id252125
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referenceADV-2009-3567
      • sourceVUPEN
      • urlhttp://www.vupen.com/english/advisories/2009/3567
      • deleted(null)
      • created(null)
      • modified(null)
    • 13(array)
      • id252126
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referenceADV-2009-3568
      • sourceVUPEN
      • urlhttp://www.vupen.com/english/advisories/2009/3568
      • deleted(null)
      • created(null)
      • modified(null)
    • 14(array)
      • id252127
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referenceADV-2009-3569
      • sourceVUPEN
      • urlhttp://www.vupen.com/english/advisories/2009/3569
      • deleted(null)
      • created(null)
      • modified(null)
    • 15(array)
      • id252128
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referenceADV-2009-3570
      • sourceVUPEN
      • urlhttp://www.vupen.com/english/advisories/2009/3570
      • deleted(null)
      • created(null)
      • modified(null)
    • 16(array)
      • id252129
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referenceADV-2009-3571
      • sourceVUPEN
      • urlhttp://www.vupen.com/english/advisories/2009/3571
      • deleted(null)
      • created(null)
      • modified(null)
    • 17(array)
      • id252130
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referencehttp://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf
      • sourceCONFIRM
      • urlhttp://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/50/025367-01.pdf
      • deleted(null)
      • created(null)
      • modified(null)
    • 18(array)
      • id252131
      • name(null)
      • nvdinfo_id49872
      • nvdinfo_nameCVE-2009-2631
      • referencesslvpn-sameorigin-security-bypass(54523)
      • sourceXF
      • urlhttp://xforce.iss.net/xforce/xfdb/54523
      • deleted(null)
      • created(null)
      • modified(null)
• $request->data(empty)
• $this->validationErrors(array)
  • Nvdinfo(empty)
  • Jvninfo(empty)
  • Nvdref(empty)
• Loaded Helpers(array)
  • 0Number
  • 1SimpleGraph
  • 2DebugTimer
  • 3Toolbar
  • 4Html
  • 5Text
  • 6Form
  • 7Session
  • 8HtmlToolbar

App Constants

No application environment available.

CakePHP Constants

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

PHP Environment

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/49872
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/49872
Remote Port	6694
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.144.114.4
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	*/*
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.144.114.4
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.144.114.4
Unique Id	aBHA35-lw2Y-w-cEgpPHJwAAAa0
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.144.114.4
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.144.114.4
Redirect Unique Id	aBHA35-lw2Y-w-cEgpPHJwAAAa0
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.144.114.4
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.144.114.4
Redirect Redirect Unique Id	aBHA35-lw2Y-w-cEgpPHJwAAAa0
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1745993951.0427
Request Time	1745993951

Included Files

Include Paths

• 0/virtual/inogo77/public_html/jvn/lib
• 2/opt/remi/php56/root/usr/share/pear
• 3/opt/remi/php56/root/usr/share/php
• 4/usr/share/pear
• 5/usr/share/php
• 6-> /virtual/inogo77/public_html/jvn/lib/Cake/

Included Files

• core(array)
  • Cache(array)
    • 0CORE/Cache/Cache.php
    • 1CORE/Cache/Engine/FileEngine.php
    • 2CORE/Cache/CacheEngine.php
  • Component(array)
    • 0CORE/Controller/Component/SessionComponent.php
  • Config(array)
    • 0CORE/Config/routes.php
    • 1CORE/Config/config.php
  • Controller(array)
    • 0CORE/Controller/Controller.php
    • 1CORE/Controller/ComponentCollection.php
    • 2CORE/Controller/Component.php
  • Datasource(array)
    • 0CORE/Model/Datasource/CakeSession.php
    • 1CORE/Model/Datasource/Database/Mysql.php
    • 2CORE/Model/Datasource/DboSource.php
    • 3CORE/Model/Datasource/DataSource.php
  • Error(array)
    • 0CORE/Error/exceptions.php
    • 1CORE/Error/ErrorHandler.php
  • I18n(array)
    • 0CORE/I18n/I18n.php
    • 1CORE/I18n/L10n.php
  • Log(array)
    • 0CORE/Log/CakeLog.php
    • 1CORE/Log/LogEngineCollection.php
    • 2CORE/Log/Engine/FileLog.php
    • 3CORE/Log/Engine/BaseLog.php
    • 4CORE/Log/CakeLogInterface.php
  • Model(array)
    • 0CORE/Model/Model.php
    • 1CORE/Model/BehaviorCollection.php
    • 2CORE/Model/ConnectionManager.php
  • Network(array)
    • 0CORE/Network/CakeRequest.php
    • 1CORE/Network/CakeResponse.php
  • Other(array)
    • 0CORE/bootstrap.php
    • 1CORE/basics.php
    • 2CORE/Core/App.php
    • 3CORE/Core/Configure.php
    • 4CORE/Core/CakePlugin.php
    • 5CORE/Event/CakeEventListener.php
    • 6CORE/Event/CakeEvent.php
    • 7CORE/Event/CakeEventManager.php
    • 8CORE/Core/Object.php
  • Routing(array)
    • 0CORE/Routing/Dispatcher.php
    • 1CORE/Routing/Filter/AssetDispatcher.php
    • 2CORE/Routing/DispatcherFilter.php
    • 3CORE/Routing/Filter/CacheDispatcher.php
    • 4CORE/Routing/Router.php
    • 5CORE/Routing/Route/CakeRoute.php
    • 6CORE/Routing/Route/PluginShortRoute.php
  • Utility(array)
    • 0CORE/Utility/Hash.php
    • 1CORE/Utility/Inflector.php
    • 2CORE/Utility/ObjectCollection.php
    • 3CORE/Utility/Debugger.php
    • 4CORE/Utility/String.php
    • 5CORE/Utility/ClassRegistry.php
  • View(array)
    • 0CORE/View/HelperCollection.php
• app(array)
  • Component(array)
    • 0APP/Controller/Component/CommonComponent.php
  • Config(array)
    • 0APP/Config/core.php
    • 1APP/Config/bootstrap.php
    • 2APP/Config/routes.php
    • 3APP/Config/database.php
  • Controller(array)
    • 0APP/Controller/NvdinfosController.php
    • 1APP/Controller/AppController.php
  • Model(array)
    • 0APP/Model/Nvdinfo.php
    • 1APP/Model/AppModel.php
    • 2APP/Model/Jvninfo.php
    • 3APP/Model/Nvdref.php
  • Other(array)
    • 0APP/webroot/index.php
• plugins(array)
  • DebugKit(array)
    • Component(array)
      • 0DebugKit/Controller/Component/ToolbarComponent.php
    • Other(array)
      • 0DebugKit/Lib/DebugMemory.php
      • 1DebugKit/Lib/Panel/HistoryPanel.php
      • 2DebugKit/Lib/DebugPanel.php
      • 3DebugKit/Lib/Panel/SessionPanel.php
      • 4DebugKit/Lib/Panel/RequestPanel.php
      • 5DebugKit/Lib/Panel/SqlLogPanel.php
      • 6DebugKit/Lib/Panel/TimerPanel.php
      • 7DebugKit/Lib/Panel/LogPanel.php
      • 8DebugKit/Lib/Panel/VariablesPanel.php
      • 9DebugKit/Lib/Panel/EnvironmentPanel.php
      • 10DebugKit/Lib/Panel/IncludePanel.php
      • 11DebugKit/Lib/DebugTimer.php
    • Log(array)
      • 0DebugKit/Lib/Log/Engine/DebugKitLog.php