Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Caddy Security Vulnerabilities - 2023

cve
cve

CVE-2022-28923

Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

6.1CVSS

6.1AI Score

0.002EPSS

2023-02-06 11:15 PM
59
cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS

8AI Score

0.813EPSS

2023-10-10 02:15 PM
3034
In Wild
cve
cve

CVE-2023-50463

The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restri...

6.5CVSS

6.3AI Score

0.001EPSS

2023-12-10 11:15 PM
16