EUVD-2022-4337

Malicious code in bioql PyPI...

Hostname Enumeration

github.com/mholt/caddy is vulnerable to hostname enumeration. The vulnerability is possible because the library does not properly return correct certificates if the request is invalid. Using this loophole, an attacker can intentionally send repeated invalid requests with a nonexistent hostname in...

CVE-2018-19148

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its...

Hardcoded credentials

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its...

CVE-2018-19148

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its...

dns-brute NSE Script

Attempts to enumerate DNS hostnames by brute force guessing of common subdomains. With the dns-brute.srv argument, dns-brute will also try to enumerate common DNS SRV records. Wildcard records are listed as "A" and "AAAA" for IPv4 and IPv6 respectively. See also: dns-nsec3-enum.nse...