Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Caddy 信息泄露漏洞
Vulnerability Description
Caddy是一款开源、跨平台的HTTP/Web服务器。 Caddy 0.11.0及之前版本中存在安全漏洞,该漏洞源于程序对无效的请求会发送不正确的证书。攻击者可利用该漏洞枚举主机名并获取主机之间的关系。
CVSS Information
N/A
Vulnerability Type
N/A