CVE-2024-23316 Information

Description

HTTP request desynchronization in Ping Identity PingAccess all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.

Reference

https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn https://www.pingidentity.com/en/resources/downloads/pingaccess.html