CVE-2024-23316 (GCVE-0-2024-23316)

Vulnerability from cvelistv5 – Published: 2024-05-31 19:08 – Updated: 2024-08-01 22:59
VLAI?
Title
PingAccess HTTP Request Desynchronization Weakness
Summary
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.
Severity ?
8.8 (High)
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/S:P/AU:Y/R:A/RE:M/U:Amber
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Impacted products
Vendor Product Version
Ping Identity PingAccess Affected: 0 , < 8.0.1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pingidentity:pingaccess:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pingaccess",
            "vendor": "pingidentity",
            "versions": [
              {
                "lessThan": "8.0.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T15:21:45.806966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T18:41:55.387Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "PingAccess",
          "vendor": "Ping Identity",
          "versions": [
            {
              "lessThan": "8.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests."
            }
          ],
          "value": "HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-33",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-33 HTTP Request Smuggling"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/S:P/AU:Y/R:A/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-31T19:08:35.381Z",
        "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "shortName": "Ping Identity"
      },
      "references": [
        {
          "url": "https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling"
        },
        {
          "url": "https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn"
        },
        {
          "url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html"
        }
      ],
      "source": {
        "advisory": "SECADV045",
        "defect": [
          "PA-15610"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "PingAccess HTTP Request Desynchronization Weakness",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
    "assignerShortName": "Ping Identity",
    "cveId": "CVE-2024-23316",
    "datePublished": "2024-05-31T19:08:35.381Z",
    "dateReserved": "2024-01-17T17:27:24.608Z",
    "dateUpdated": "2024-08-01T22:59:32.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-23316\",\"sourceIdentifier\":\"responsible-disclosure@pingidentity.com\",\"published\":\"2024-05-31T19:15:08.723\",\"lastModified\":\"2024-11-21T08:57:29.393\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.\"},{\"lang\":\"es\",\"value\":\"La desincronizaci\u00f3n de solicitudes HTTP en Ping Identity PingAccess, todas las versiones anteriores a 8.0.1 afectadas, permite a un atacante enviar solicitudes de encabezado http especialmente manipuladas para crear una condici\u00f3n de contrabando de solicitudes para solicitudes proxy.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"responsible-disclosure@pingidentity.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:A/V:X/RE:M/U:Amber\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"PRESENT\",\"Automatable\":\"YES\",\"Recovery\":\"AUTOMATIC\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"responsible-disclosure@pingidentity.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"references\":[{\"url\":\"https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn\",\"source\":\"responsible-disclosure@pingidentity.com\"},{\"url\":\"https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling\",\"source\":\"responsible-disclosure@pingidentity.com\"},{\"url\":\"https://www.pingidentity.com/en/resources/downloads/pingaccess.html\",\"source\":\"responsible-disclosure@pingidentity.com\"},{\"url\":\"https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.pingidentity.com/en/resources/downloads/pingaccess.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.pingidentity.com/en/resources/downloads/pingaccess.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:59:32.210Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23316\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-03T15:21:45.806966Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:pingidentity:pingaccess:*:*:*:*:*:*:*:*\"], \"vendor\": \"pingidentity\", \"product\": \"pingaccess\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"8.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-03T15:23:27.193Z\"}}], \"cna\": {\"title\": \"PingAccess HTTP Request Desynchronization Weakness\", \"source\": {\"defect\": [\"PA-15610\"], \"advisory\": \"SECADV045\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-33\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-33 HTTP Request Smuggling\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"PRESENT\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 8.8, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/S:P/AU:Y/R:A/RE:M/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Ping Identity\", \"product\": \"PingAccess\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"8.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling\"}, {\"url\": \"https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn\"}, {\"url\": \"https://www.pingidentity.com/en/resources/downloads/pingaccess.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"5998a2e9-ae88-42cd-b6e0-7564fd979f9e\", \"shortName\": \"Ping Identity\", \"dateUpdated\": \"2024-05-31T19:08:35.381Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-23316\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:59:32.210Z\", \"dateReserved\": \"2024-01-17T17:27:24.608Z\", \"assignerOrgId\": \"5998a2e9-ae88-42cd-b6e0-7564fd979f9e\", \"datePublished\": \"2024-05-31T19:08:35.381Z\", \"assignerShortName\": \"Ping Identity\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.