Attacking and defending web and VPN session hijacking in Pulse Secure Connect
Session hijacking in PulseSecure Server Depending on the configuration, all versions are affected including latest release 90R34 See the vendor's response for the gory configuration details Disclaimer Please note that on a fully patched Pulse server this vulnerability is not exploitable by itself and is only useful under very specific circumstances For this exploit to