JSA10324 - Pulse Connect Secure (PCS): Cross-Site Scripting Vulnerability, Released 5/06/03

Information

 
Product Affected
Please see attached .pdf file for complete list of impacted products.
Problem
The purpose of this email is to address three security issues that affect the Pulse Connect Secure (PCS). Pulse Secure has confirmed fixes for all of these issues in our General Access (GA) software today. The first issue involves a fix for an OpenSSL vulnerability, the second addresses a Red Hat Security Advisory, and the third provides a fix for a cross-site scripting problem that was identified during a security audit of the PCS. Pulse Secure recommends that you upgrade your PCS at this time to the latest build of the PCS OS. These security issues affect customers using all versions of the PCS OS. However, it is important to note that there have been no reports of compromises to the PCS.
Summary of Issue(s)
  • OpenSSL - CAN-2003-10131, a security concern, relating to an extension of a "Bleichenbacher attack"
  • Red Hat Security Advisory, RHSA-2003:089-00, to address vulnerabilities in RPC XDR.
  • Cross-Site Scripting - Pulse Secure has learned of a potential session hijacking vulnerability in the PCS via a cross-site scripting attack.
A possibility does exist that these issues can be exploited to compromise the system.
Solution
Please see attached .pdf file for complete bulletin text.
Implementation
All customers running any PCS software version earlier than 3.3.1 GA Patch 1 (build 5847) should upgrade to 3.3.1 GA Patch 1. All customers running 4.0 GA (build 5531) should upgrade to 4.0 GA Patch 1 (build 5871).
Alert Type
PSN - Product Support Notification
Attachment 2 
Legacy ID
PSN-2004-07-006, JSA10324
