XML Entity Expansion Denial of Service Vulnerability in Pulse Secure Pulse Connect Secure

XML Entity Expansion Denial of Service Vulnerability in Pulse Secure Pulse Connect Secure

CVE-2018-9849 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.

Learn more about our Web Application Penetration Testing UK.