Pulse Connect Secure < 9.1R16 Client Side Desync (SA45476)

The Pulse Connect Secure installed on the remote host is prior to 9.1R16. It is, therefore, affected by client-side http request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends u...

U.S. Dept Of Defense: HTTP Request Smuggling

hello dear support I have found HTTP Request Smuggling on www.████████ Issue description ============== HTTP request smuggling vulnerabilities arise when websites route HTTP requests through webservers with inconsistent HTTP parsing. By supplying a request that gets interpreted as being different...