Vulmon
caddyserver caddy vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-50463
The caddy-geo-ip (aka GeoIP) middleware up to and including 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows malicious users to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in rev...
Caddyserver Caddy
6.1
CVSSv3
CVE-2022-29718
Caddy v2.4 contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking victims into clicking crafted links.
Caddyserver Caddy
3.7
CVSSv3
CVE-2018-19148
Caddy up to and including 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for malicious users to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a rando...
Caddyserver Caddy
9.8
CVSSv3
CVE-2018-21246
Caddy prior to 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
Caddyserver Caddy
7.5
CVSSv3
CVE-2022-34037
An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows malicious users to cause a Denial of Service (DoS) via a crafted URI.
Caddyserver Caddy 2.5.1
6.1
CVSSv3
CVE-2022-28923
Caddy v2.4.6 contains an open redirection vulnerability that allows malicious users to redirect users to phishing websites via crafted URLs.
Caddyserver Caddy 2.4.6
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles