CVE-2022-21826
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
| CWE | CWE-444 |
| Vendor | n/a |
| Product | pulse connect secure vpn server |
| Published | Sep 30, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for n/a pulse connect secure vpn server
Be the first to know when new unknown vulnerabilities affecting n/a pulse connect secure vpn server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / Pulse Connect Secure VPN Server
9.1R14 and below