CVE-2018-19148
CVE-2018-19148 affects Caddy up to 0.11.0. When a request’s Host header cannot be matched to any vhost, Caddy serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests with nonexistent hostnames enable enumeration of all certificates and relationships amon...