CVE Published: 30/09/2022
CVE Updated: 03/08/2024
CVE Year: 2022
Source: hackerone
Vendor: n/a
Product: Pulse Connect Secure VPN Server
Status: PUBLISHED
CVE-2022-21826 Description
Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection. This means that when someone loads a website, an attacker may be able to make the browser issue a POST to the application, enabling XSS.