History: Sep 30, 2022 - 4:24 p.m.

CVE-2022-21826

2022-09-30 16:24:25
CWE-444
hackerone
www.cve.org
pulse secure
http request smuggling
post request
xss
vulnerability

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

22.7%

Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request’s Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection. This means that when someone loads a website, an attacker may be able to make the browser issue a POST to the application, enabling XSS.

CNA Affected

[
  {
    "product": "Pulse Connect Secure VPN Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "9.1R14 and below"
      }
    ]
  }
]
