CVE-2024-23316 - Vulnerability Details - OpenCVE

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00785.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-20834	HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn
https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling
https://www.pingidentity.com/en/resources/downloads/pingaccess.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Ping Identity

Published: 2024-05-31T19:08:35.381Z

Updated: 2024-08-01T22:59:32.210Z

Reserved: 2024-01-17T17:27:24.608Z

Link: CVE-2024-23316

Vulnrichment

Updated: 2024-08-01T22:59:32.210Z

NVD

Status : Awaiting Analysis

Published: 2024-05-31T19:15:08.723

Modified: 2024-11-21T08:57:29.393

Link: CVE-2024-23316

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23316", "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "state": "PUBLISHED", "assignerShortName": "Ping Identity", "dateReserved": "2024-01-17T17:27:24.608Z", "datePublished": "2024-05-31T19:08:35.381Z", "dateUpdated": "2024-08-01T22:59:32.210Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "PingAccess", "vendor": "Ping Identity", "versions": [{"lessThan": "8.0.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests."}], "value": "HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests."}], "impacts": [{"capecId": "CAPEC-33", "descriptions": [{"lang": "en", "value": "CAPEC-33 HTTP Request Smuggling"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/S:P/AU:Y/R:A/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "shortName": "Ping Identity", "dateUpdated": "2024-05-31T19:08:35.381Z"}, "references": [{"url": "https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling"}, {"url": "https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn"}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html"}], "source": {"advisory": "SECADV045", "defect": ["PA-15610"], "discovery": "EXTERNAL"}, "title": "PingAccess HTTP Request Desynchronization Weakness", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "pingidentity", "product": "pingaccess", "cpes": ["cpe:2.3:a:pingidentity:pingaccess:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "8.0.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-03T15:21:45.806966Z", "id": "CVE-2024-23316", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T18:41:55.387Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.210Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling", "tags": ["x_transferred"]}, {"url": "https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn", "tags": ["x_transferred"]}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling", "tags": ["x_transferred"]}, {"url": "https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn", "tags": ["x_transferred"]}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.210Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23316", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-03T15:21:45.806966Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:pingidentity:pingaccess:*:*:*:*:*:*:*:*"], "vendor": "pingidentity", "product": "pingaccess", "versions": [{"status": "affected", "version": "0", "lessThan": "8.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T15:23:27.193Z"}}], "cna": {"title": "PingAccess HTTP Request Desynchronization Weakness", "source": {"defect": ["PA-15610"], "advisory": "SECADV045", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-33", "descriptions": [{"lang": "en", "value": "CAPEC-33 HTTP Request Smuggling"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 8.8, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/S:P/AU:Y/R:A/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ping Identity", "product": "PingAccess", "versions": [{"status": "affected", "version": "0", "lessThan": "8.0.1", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling"}, {"url": "https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn"}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.", "supportingMedia": [{"type": "text/html", "value": "HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}]}], "providerMetadata": {"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "shortName": "Ping Identity", "dateUpdated": "2024-05-31T19:08:35.381Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23316", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:59:32.210Z", "dateReserved": "2024-01-17T17:27:24.608Z", "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "datePublished": "2024-05-31T19:08:35.381Z", "assignerShortName": "Ping Identity"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests."}, {"lang": "es", "value": "La desincronizaci\u00f3n de solicitudes HTTP en Ping Identity PingAccess, todas las versiones anteriores a 8.0.1 afectadas, permite a un atacante enviar solicitudes de encabezado http especialmente manipuladas para crear una condici\u00f3n de contrabando de solicitudes para solicitudes proxy."}], "id": "CVE-2024-23316", "lastModified": "2024-11-21T08:57:29.393", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "recovery": "AUTOMATIC", "safety": "PRESENT", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:A/V:X/RE:M/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}]}, "published": "2024-05-31T19:15:08.723", "references": [{"source": "responsible-disclosure@pingidentity.com", "url": "https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn"}, {"source": "responsible-disclosure@pingidentity.com", "url": "https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling"}, {"source": "responsible-disclosure@pingidentity.com", "url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html"}], "sourceIdentifier": "responsible-disclosure@pingidentity.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}]}