Sign-up

ID

VAR-201811-0674


CVE

CVE-2018-19148


TITLE

Caddy Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-014047

DESCRIPTION

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort. Caddy Contains an information disclosure vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2018-19148 // JVNDB: JVNDB-2018-014047

AFFECTED PRODUCTS

vendor:caddyservermodel:caddyscope:lteversion:0.11.0

Trust: 1.0

vendor:light codemodel:caddyscope:lteversion:0.11.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-014047 // NVD: CVE-2018-19148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19148
value: LOW

Trust: 1.0

NVD: CVE-2018-19148
value: LOW

Trust: 0.8

CNNVD: CNNVD-201811-261
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-19148
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-19148
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-014047 // CNNVD: CNNVD-201811-261 // NVD: CVE-2018-19148

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-014047 // NVD: CVE-2018-19148

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-261

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-261

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014047

PATCH
title:Caddy serves wrong SSL cert for site that is not served on HTTPS port #1303url:https://github.com/mholt/caddy/issues/1303
Trust: 0.8
title:Problem with the way Caddy serves multiple certificates #23343url:https://github.com/mholt/caddy/issues/2334
Trust: 0.8
title:tls: Restructure and improve certificate management #2015url:https://github.com/mholt/caddy/pull/2015
Trust: 0.8
title:Caddy Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86707
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014047 // 
            
            
            
            CNNVD: CNNVD-201811-261

EXTERNAL IDS
db:NVDid:CVE-2018-19148
Trust: 2.4
db:JVNDBid:JVNDB-2018-014047
Trust: 0.8
db:CNNVDid:CNNVD-201811-261
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014047 // 
            
            
            
            CNNVD: CNNVD-201811-261 // 
            
            
            
            NVD: CVE-2018-19148

REFERENCES
url:https://securitytrails.com/blog/caddy-web-server-ssl-bug
Trust: 1.8
url:https://github.com/mholt/caddy/issues/1303
Trust: 1.6
url:https://github.com/mholt/caddy/issues/2334
Trust: 1.6
url:https://github.com/mholt/caddy/pull/2015
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19148
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-19148
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-014047 // 
            
            
            
            CNNVD: CNNVD-201811-261 // 
            
            
            
            NVD: CVE-2018-19148

SOURCES
db:JVNDBid:JVNDB-2018-014047
db:CNNVDid:CNNVD-201811-261
db:NVDid:CVE-2018-19148

LAST UPDATE DATE
2024-11-23T23:11:58.256000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2018-014047date:2019-03-11T00:00:00
db:CNNVDid:CNNVD-201811-261date:2019-04-01T00:00:00
db:NVDid:CVE-2018-19148date:2024-11-21T03:57:25.540

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2018-014047date:2019-03-11T00:00:00
db:CNNVDid:CNNVD-201811-261date:2018-11-12T00:00:00
db:NVDid:CVE-2018-19148date:2018-11-10T19:29:00.227