3 matches found
SUSE CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
Summary Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass host-based routing and any access controls attached to that route by changing the...
Varnish Cache 环境问题漏洞
Varnish Cache is a set of reverse web caching servers. An environment issue vulnerability exists in Varnish Cache version 7.x up to and including version 7.1.2, and version 7.2.x up to and including version 7.2.1. An attacker exploits this vulnerability to bypass host routing requests in the VCL...