Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
CVSS Information
N/A
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
Pulse Secure Pulse Connect Secure 环境问题漏洞
Vulnerability Description
Pulse Secure Pulse Connect Secure(又名PCS,前称Juniper Junos Pulse)是美国Pulse Secure公司的一套SSL VPN解决方案。 Pulse Secure Pulse Connect Secure 9.115版本及之前版本存在环境问题漏洞。攻击者利用该漏洞使浏览器向应用程序发出POST请求,从而执行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A