Vulnerabilities in several clientless SSL VPN products have been reported. Gathering authentication cookies etc. is reportedly possible. At time of writing US-CERT's advisory lists the status of about 90 vendors. US-CERT Vulnerability Note VU#261869: http://www.kb.cert.org/vuls/id/261869 Severity metric is remarkable high: 45,00. This issue is CVE-2009-2631. Juha-Matti
