CVE-2018-19148 — Sensitive Information Exposure in Caddyserver Caddy

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

3.7LOWNVD

EPSS

0.2%

top 63.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Caddyserver Caddy Caddyserver Caddy

Timeline

PublishedNov 10

Latest updateMay 14

Description

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover th…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

▶Gogithub.com/caddyserver_caddy< 0.11.1

▶NVDcaddyserver/caddy0.11.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Caddy allows enumeration of Certificates and Hostnames↗2022-05-14

▶

GHSA

Caddy allows enumeration of Certificates and Hostnames↗2022-05-14

▶

CVEList

CVE-2018-19148: Caddy through 0↗2018-11-10

▶

📋Vendor Advisories

Debian

CVE-2018-19148: caddy - Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, ...↗2018

▶