CVE-2024-23316

2024-05-3119:15:08

CWE-444

[email protected]

web.nvd.nist.gov

request smuggling

pingaccess

vulnerability

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.

References

docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn

support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling

www.pingidentity.com/en/resources/downloads/pingaccess.html