CVE-2018-19148

Published: Nov 10, 2018 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-4337 Aliases: GHSA-jf2w-mq6r-56v8
ExploitDB:
Other exploit source:
Google Dorks:
LOW 3,7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
MEDIUM 4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0016
Percentile
0,4th
Updated

EPSS Score Trend (Last 90 Days)

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
Application

Caddy by Caddyserver

Product Information
Vendor Caddyserver
Product Caddy
Version Range Affected
To 0.11.0 (inclusive)
cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/mholt/caddy/issues/1303
Issue Tracking Patch Third Party Advisory
https://github.com/mholt/caddy/issues/1303
https://github.com/mholt/caddy/issues/2334
Issue Tracking Patch Third Party Advisory
https://github.com/mholt/caddy/issues/2334
https://github.com/mholt/caddy/pull/2015
Issue Tracking Patch Third Party Advisory
https://github.com/mholt/caddy/pull/2015
https://github.com/mholt/caddy/issues/1303
Issue Tracking Patch Third Party Advisory
https://github.com/mholt/caddy/issues/1303
https://github.com/mholt/caddy/issues/2334
Issue Tracking Patch Third Party Advisory
https://github.com/mholt/caddy/issues/2334
https://github.com/mholt/caddy/pull/2015
Issue Tracking Patch Third Party Advisory
https://github.com/mholt/caddy/pull/2015
https://securitytrails.com/blog/caddy-web-server-ssl-bug
Exploit Patch Third Party Advisory
https://securitytrails.com/blog/caddy-web-server-ssl-bug