Reset Search
 

 

Article

JSA10374 - Pulse Connect Secure (PCS) SSL VPN Webroot Path Disclosure Vulnerability

« Go Back

Information

 
Product AffectedThis issue does not expose any further security risk to the device.
Problem
By requesting the 'remediate.cgi' script omitting certain parameters, the embedded PCS web server returns the physical path of the webroot ('/home/webserver/htdocs/') within an "Execute failed" error message Knowing the path does not provide any useful information and does not expose any further security risk to the device.
Solution
This issue does not expose any further security risk to the device. Pulse Secure has eliminated the webroot path disclosure in Pulse Secure PCS software version 6.0R1 Build 12023 and higher.
Workaround
Implementation
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelLow
Attachment 1 
Attachment 2 
Legacy IDPSN-2008-03-001, JSA10374

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255