Intrusion Prevention

Pulse.Secure.SSL.VPN.HTML5.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Pulse Connect Secure.
The vulnerability is due to an error in the vulnerable application when handling a malicious request. An unauthenticated attacker can exploit this to access sensitive information on the affected machine via a crafted request.

Affected Products

Pulse Connect Secure 8.1R15.1
Pulse Connect Secure 8.2 before 8.2R12.1
Pulse Connect Secure 8.3 before 8.3R7.1
Pulse Connect Secure 9.0 before 9.0R3.4

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's advisory for updates:
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

CVE References

CVE-2019-11510