A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX prior to 8.1R12 and 8.3RX prior to 8.3R2 and Pulse Policy Secure (PPS) 5.2RX prior to 5.2R9 and 5.4RX prior to 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
pulsesecure pulse policy secure 5.2r7.0 |
||
pulsesecure pulse connect secure 8.1r1.0 |
||
pulsesecure pulse policy secure 5.2r2.0 |
||
pulsesecure pulse policy secure 5.2r7.1 |
||
pulsesecure pulse policy secure 5.2r4.0 |
||
pulsesecure pulse policy secure 5.2r3.2 |
||
pulsesecure pulse policy secure 5.2r1.0 |
||
pulsesecure pulse policy secure 5.2r5.0 |
||
pulsesecure pulse policy secure 5.2r6.0 |
||
pulsesecure pulse policy secure 5.2r8.0 |
||
pulsesecure pulse policy secure 5.2r3.0 |
||
pulsesecure pulse policy secure 5.4r1 |
||
pulsesecure pulse policy secure 5.4r2 |
||
pulsesecure pulse policy secure 5.4rx |
||
pulsesecure pulse policy secure 5.2rx |
||
pulsesecure pulse connect secure 8.3rx |
||
pulsesecure pulse connect secure 8.1rx |
||
ivanti connect secure 8.1 |
Vulmon