CVE-2024-23316

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

31/05/2024

Last modified:

03/06/2024

Description

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.

Impact

References to Advisories, Solutions, and Tools

https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn
https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling
https://www.pingidentity.com/en/resources/downloads/pingaccess.html