CVE-2022-28923
- EPSS 2.91%
- Veröffentlicht 06.02.2023 23:15:09
- Zuletzt bearbeitet 26.03.2025 19:15:17
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.
CVE-2022-34037
- EPSS 0.61%
- Veröffentlicht 22.07.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 07:08:49
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the ...
CVE-2022-29718
- EPSS 0.28%
- Veröffentlicht 02.06.2022 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:59:36
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
CVE-2018-21246
- EPSS 1.38%
- Veröffentlicht 15.06.2020 17:15:09
- Zuletzt bearbeitet 21.11.2024 04:03:16
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
CVE-2018-19148
- EPSS 0.16%
- Veröffentlicht 10.11.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:25
Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate...