PT-2024-19804 · Ping Identity · Pingaccess

Published

2024-05-31

Updated

2024-06-03

CVE-2024-23316

CVSS v4.0

8.8

High

Vector

AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:A/V:X/RE:M/U:Amber

Name of the Vulnerable Software and Affected Versions Ping Identity PingAccess versions prior to 8.0.1

Description The issue allows an attacker to send specially crafted HTTP header requests to create a request smuggling condition for proxied requests. This is achieved through HTTP request desynchronization in Ping Identity PingAccess.

Recommendations For versions prior to 8.0.1, update to version 8.0.1 or later to resolve the issue.

Fix

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-444

Related Identifiers

CVE-2024-23316

Affected Products

Pingaccess

PT-2024-19804 · Ping Identity · Pingaccess

CVE-2024-23316

Weakness Enumeration

Related Identifiers

Affected Products

References · 5