漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
Vulnerability Description
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `host` request matcher is documented as case-insensitive, but when configured with a large host list (>100 entries) it becomes case-sensitive due to an optimized matching path. An attacker can bypass host-based routing and any access controls attached to that route by changing the casing of the `Host` header. Version 2.11.1 contains a fix for the issue.
CVSS Information
N/A
Vulnerability Type
大小写敏感处理不恰当
Vulnerability Title
Caddy 安全漏洞
Vulnerability Description
Caddy是Caddy公司的一款开源、跨平台的HTTP/Web服务器。 Caddy 2.11.1之前版本存在安全漏洞,该漏洞源于HTTP主机请求匹配器在配置大型主机列表时变为大小写敏感,可能导致攻击者绕过基于主机的路由和访问控制。
CVSS Information
N/A
Vulnerability Type
N/A