Fedora: Security Advisory for caddy (FEDORA-2023-74e5545901)

Published: 27 Aug 2023 00:00:00
Reported by: Copyright (C) 2023 Greenbone AG
Type: openvas
Source: plugins.openvas.org

The remote host is missing an update for the 'caddy' package(s) announced via the FEDORA-2023-74e5545901 advisory. Caddy is the web server with automatic HTTPS.

Related

| Reporter | Title | Published | Family |
| --- | --- | --- | --- |
| IBM Security Bulletins | Security Bulletin: Operations Dashboard is vulnerable to denial of service and request smuggling due to Go CVE-2022-41717 and CVE-2022-41721 | 3 Mar 2023 15:24 | ibm |
| IBM Security Bulletins | Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTTP request smuggling in Golang Go (CVE-2022-41721) | 28 Jun 2023 20:36 | ibm |
| IBM Security Bulletins | Security Bulletin: Vulnerability in Go affects watsonx.data | 5 Sep 2024 18:50 | ibm |
| IBM Security Bulletins | Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to request smuggling in Go (CVE-2022-41721) | 3 Mar 2023 15:22 | ibm |
| IBM Security Bulletins | Security Bulletin: CVE-2022-41721 may affect IBM CICS TX Standard | 4 Apr 2023 13:29 | ibm |
| IBM Security Bulletins | Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go | 2 May 2023 22:50 | ibm |
| IBM Security Bulletins | Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-41717 in Go | 3 Mar 2023 15:33 | ibm |
| IBM Security Bulletins | Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41717] | 28 Apr 2023 11:48 | ibm |
| IBM Security Bulletins | Security Bulletin: IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2022-41717) | 29 Mar 2023 09:53 | ibm |
| IBM Security Bulletins | Security Bulletin: Due to the use of Golang Go, IBM Workload Scheduler is vulnerable to a denial of service. | 22 Sep 2023 10:42 | ibm |

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.884705");
  script_version("2023-10-12T05:05:32+0000");
  script_cve_id("CVE-2022-41721", "CVE-2022-41717");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-01-24 17:25:00 +0000 (Tue, 24 Jan 2023)");
  script_tag(name:"creation_date", value:"2023-08-27 01:10:02 +0000 (Sun, 27 Aug 2023)");
  script_name("Fedora: Security Advisory for caddy (FEDORA-2023-74e5545901)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC38");

  script_xref(name:"Advisory-ID", value:"FEDORA-2023-74e5545901");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'caddy'
  package(s) announced via the FEDORA-2023-74e5545901 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Caddy is the web server with automatic HTTPS.");

  script_tag(name:"affected", value:"'caddy' package(s) on Fedora 38.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "FC38") {

  if(!isnull(res = isrpmvuln(pkg:"caddy", rpm:"caddy~2.6.4~1.fc38", rls:"FC38"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

27 Aug 2023 00:00 (current)
Vulners AI Score: 7.1 (High risk)
CVSS3: 7.5
EPSS: 0.00413