9.7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.1%
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
bugs.gentoo.org/715214
github.com/caddyserver/caddy/releases/tag/v0.10.13