CVE-2022-21826
published 2022-09-30CVE-2022-21826: Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the…
PriorityP343medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
45.23%
98.6th percentile
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| pulsesecure | pulse_connect_secure | < 9.1 | 9.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2022-21826
vendor_ivanti·2022-09-30·CVSS 5.4
CVE-2022-21826 [MEDIUM] CWE-444 Ivanti Security Advisory: CVE-2022-21826
Ivanti Security Advisory: CVE-2022-21826
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
CVE IDs: CVE-2022-21826
CVSS Base Score: 5.4
Severity: MEDIUM
CWEs: CWE-444
GHSA
GHSA-w594-hmpv-qhh5: Pulse Secure version 9
ghsa_unreviewed·2022-10-01
CVE-2022-21826 [MEDIUM] CWE-444 GHSA-w594-hmpv-qhh5: Pulse Secure version 9
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-09-30
Published