CVE-2022-21826
MEDIUMIvanti Connect Secure - HTTP Request Smuggling via POST Content-Length Mismanagement
Title source: llmDescription
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/Client-Side-Desync-Attack/
Scores
CVSS v3
5.4
EPSS
0.4523
EPSS Percentile
98.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-444
Status
published
Products (2)
ivanti/connect_secure
9.1 (38 CPE variants)
pulsesecure/pulse_connect_secure
< 9.1
Published
Sep 30, 2022
Tracked Since
Feb 18, 2026