Vulnerability Description
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.
Related Weaknesses (CWE)
References
- https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn
- https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling
- https://www.pingidentity.com/en/resources/downloads/pingaccess.html
- https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn
- https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling
- https://www.pingidentity.com/en/resources/downloads/pingaccess.html
FAQ
What is CVE-2024-23316?
CVE-2024-23316 is a documented vulnerability. HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling conditi...
How severe is CVE-2024-23316?
CVSS scoring is not yet available for CVE-2024-23316. Check NVD for updates.
Is there a patch for CVE-2024-23316?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.