JSA10324 - Pulse Connect Secure (PCS): Cross-Site Scripting Vulnerability, Released 5/06/03

Product Affected: Please see attached .pdf file for complete list of impacted products.
The purpose of this email is to address three security issues that affect Pulse Connect Secure (PCS). Pulse Secure has confirmed fixes for all of these issues in our General Access (GA) software today. The first issue involves a fix for an OpenSSL vulnerability, the second addresses a Red Hat Security Advisory, and the third provides a fix for a Cross-Site Scripting problem that was identified during a security audit of the PCS. Pulse Secure recommends that you upgrade your PCS at this time to the latest build of the PCS OS. These security issues affect customers using all versions of the PCS OS. However, it is important to note that there have been no reports of compromises of the PCS.
Summary of Issue(s)
  • OpenSSL - CAN-2003-10131, a security concern relating to an extension of a "Bleichenbacher attack".
  • Red Hat Security Advisory, RHSA-2003:089-00, to address vulnerabilities in RPC XDR.
  • Cross-Site Scripting - Pulse Secure has learned of a potential session hijacking vulnerability in the PCS via a cross-site scripting attack. A possibility does exist that these issues can be exploited to compromise the system.
Please see attached .pdf file for complete bulletin text.
All customers running any PCS software version earlier than 3.3.1 GA Patch 1 (build 5847) should upgrade to 3.3.1 GA Patch 1. All customers running 4.0 GA (build 5531) should upgrade to 4.0 GA Patch 1 (build 5871).
Alert Type: PSN - Product Support Notification
Legacy ID: PSN-2004-07-006, JSA10324