CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2021-31922
https://notcve.org/view.php?id=CVE-2021-31922
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. Una vulnerabilidad de contrabando de solicitudes HTTP en Pulse Secure Virtual Traffic Manager antes de la versión 21.1 podría permitir a un atacante contrabandear una solicitud HTTP a través de un encabezado HTTP/2. Esta vulnerabilidad está resuelta en 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4 y 18.2R3 • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44790 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •