Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Improper application configuration leading to multiple flaws

it.infrastructure@sembcorp.com
Occasional Visitor
‎05-01-2019 02:55:AM
‎05-01-2019 02:55:AM

Improper application configuration leading to multiple flaws

We've a an issue identified by an assesment carried out on our setup that states the following are still available even if the web session is unathenticated

 

Https://*****/dana-cached/setup/JuniperSetupSP1.cab

Https://*****//dana-cached/sc/JuniperSetupClientInstaller.exe

Https://*****//dana-na/meeting/login_meeting.cgi?mid=DEFAULT

 

any ideas where I can adjust our config to fix this..? is it just the cach cleaner.?

0 Kudos
2 REPLIES 2
r@yElr3y
Moderator
Moderator
‎05-02-2019 01:02:PM
‎05-02-2019 01:02:PM

Re: Improper application configuration leading to multiple flaws

We will not be able to block access to those files from the VPN server configuration, as they need to be downloaded and installed on the user machine, if there is any pre-authentication (before authentication) policies like host checks were enabled on the user realm i.e. host checker component will get downloaded with help of active-x object tags embedded on the webpage, which a Setup Client can read/parse.

 

Setup Client is the helper application which will parse the launch arguments from the VPN server and installs/invokes other Pulse Secure components from the user machine to carry out the requried tasks.

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
zanyterp
Moderator
Moderator
‎05-07-2019 12:33:PM
‎05-07-2019 12:33:PM

Re: Improper application configuration leading to multiple flaws

Can you open a case with our support team for further investigation, please?
what version of software are you using?
in addition to [email protected]'s comment, the last URL is used by the Pulse Collaboration component, which has users joining that do not login to the appliance
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.