Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-19148

Good to know:

icon

Date: November 10, 2018

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort.

Language: Go

Severity Score

Related Resources (6)

https://github.com/mholt/caddy/issues/1303
https://github.com/mholt/caddy/pull/2015
https://securitytrails.com/blog/caddy-web-server-ssl-bug
https://nvd.nist.gov/vuln/detail/CVE-2018-19148
https://github.com/mholt/caddy/issues/2334
https://www.mend.io/vulnerability-database/CVE-2018-19148

Severity Score

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

icon

Upgrade Version

Upgrade to version v0.10.11

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us