Vulnerability Database

CVE-2022-21826

Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, which means that when someone loads a website, an attacker may be able to make the browser issue a POST to the application, enabling XSS.

  • Published: Sep 30, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-21826
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

Software | From | Fixed in
pulsesecure / pulse_connect_secure | - | 9.1
ivanti / connect_secure | 9.1-r15 | 9.1-r15.x
ivanti / connect_secure | 9.1-r1 | 9.1-r1.x
ivanti / connect_secure | 9.1-r2 | 9.1-r2.x
ivanti / connect_secure | 9.1-r3 | 9.1-r3.x
ivanti / connect_secure | 9.1-r4 | 9.1-r4.x
ivanti / connect_secure | 9.1-r4.1 | 9.1-r4.1.x
ivanti / connect_secure | 9.1-r4.2 | 9.1-r4.2.x
ivanti / connect_secure | 9.1-r4.3 | 9.1-r4.3.x
ivanti / connect_secure | 9.1-r5 | 9.1-r5.x
ivanti / connect_secure | 9.1-r6 | 9.1-r6.x
ivanti / connect_secure | 9.1-r7 | 9.1-r7.x
ivanti / connect_secure | 9.1-r8 | 9.1-r8.x
ivanti / connect_secure | 9.1-r8.1 | 9.1-r8.1.x
ivanti / connect_secure | 9.1-r8.2 | 9.1-r8.2.x
ivanti / connect_secure | 9.1-r9 | 9.1-r9.x
ivanti / connect_secure | 9.1-r9.1 | 9.1-r9.1.x
ivanti / connect_secure | 9.1-r11.3 | 9.1-r11.3.x
ivanti / connect_secure | 9.1-r11.4 | 9.1-r11.4.x
ivanti / connect_secure | 9.1-r12 | 9.1-r12.x
ivanti / connect_secure | 9.1-r12.1 | 9.1-r12.1.x
ivanti / connect_secure | 9.1-r13 | 9.1-r13.x
ivanti / connect_secure | 9.1 | 9.1.x
ivanti / connect_secure | 9.1-r8.4 | 9.1-r8.4.x
ivanti / connect_secure | 9.1-r9.2 | 9.1-r9.2.x
ivanti / connect_secure | 9.1-r7.0 | 9.1-r7.0.x
ivanti / connect_secure | 9.1-r6.0 | 9.1-r6.0.x
ivanti / connect_secure | 9.1-r2.0 | 9.1-r2.0.x
ivanti / connect_secure | 9.1-r3.0 | 9.1-r3.0.x
ivanti / connect_secure | 9.1-r8.0 | 9.1-r8.0.x
ivanti / connect_secure | 9.1-r12.2 | 9.1-r12.2.x
ivanti / connect_secure | 9.1-r10.0 | 9.1-r10.0.x
ivanti / connect_secure | 9.1-r10.2 | 9.1-r10.2.x
ivanti / connect_secure | 9.1-r11.0 | 9.1-r11.0.x
ivanti / connect_secure | 9.1-r11.1 | 9.1-r11.1.x
ivanti / connect_secure | 9.1-r4.0 | 9.1-r4.0.x
ivanti / connect_secure | 9.1-r5.0 | 9.1-r5.0.x
ivanti / connect_secure | 9.1-r1.0 | 9.1-r1.0.x
ivanti / connect_secure | 9.1-r9.0 | 9.1-r9.0.x