Reset Search
 

 

Article

JSA10376 - Pulse Policy Secure (PPS) Infranet Controller Webroot Path Disclosure Vulnerability

« Go Back

Information

 
Product AffectedThis issue does not expose any further security risk to the device.
Problem
By requesting the 'remediate.cgi' script omitting certain parameters, the embedded IC web server returns the physical path of the webroot ('/home/webserver/htdocs/') within an "Execute failed" error message
Solution
This issue does not expose any further security risk to the device.

Pulse Secure has eliminated the webroot path disclosure in PPS software version 2.1R1 Build 10477 and higher.

Workaround
Implementation
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelLow
Attachment 1 
Attachment 2 
Legacy IDPSN-2008-03-003, JSA10376

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255