Hostname Enumeration Vulnerability in Caddy Web Server
CVE-2018-19148
3.7 LOW
What is CVE-2018-19148?
Caddy versions up to 0.11.0 contain a vulnerability where incorrect certificates are sent for certain invalid requests. When the server cannot find a matching Host header, it responds with an X.509 certificate from a randomly selected virtual host configuration. This flaw allows attackers to perform repeated requests using nonexistent hostnames, which can lead to the enumeration of all certificates hosted on the server. The knowledge gained can enable attackers to identify hidden hostnames, thereby revealing potentially sensitive relationships among them.
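The selection logic below is an added illustration, not Caddy's own code, written to show the class of defect the advisory describes and the mitigation a server should apply. Certificate selection happens on the TLS ServerName (SNI) presented in the ClientHello, which is the TLS-layer counterpart of the Host header. `leakySelect` reproduces the failure mode: when no virtual host matches, it returns whatever entry Go's randomised map iteration yields first, so repeated probes with invented names cycle through every hosted certificate. `strictSelect` is the hardened form: an unmatched name always receives one fixed fallback certificate, or a handshake failure when none is configured. All hostnames, the `VHosts` type and `newSelfSigned` are constructed for this example and are not part of the advisory or of Caddy.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// newSelfSigned builds a throwaway self-signed certificate for one hostname.
// Constructed in-process for the example; a real deployment loads issued certs.
func newSelfSigned(host string) *tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// VHosts maps a configured (lower-case) hostname to its certificate.
type VHosts map[string]*tls.Certificate

// leakySelect illustrates the failure mode: with no matching host it hands out
// whichever entry map iteration yields first. Go randomises map order, so
// repeated unknown-name handshakes expose every certificate on the server.
func leakySelect(vh VHosts, serverName string) *tls.Certificate {
	if c, ok := vh[strings.ToLower(serverName)]; ok {
		return c
	}
	for _, c := range vh {
		return c
	}
	return nil
}

// strictSelect is the hardened form: an unmatched name gets one fixed fallback
// certificate, or a handshake error when no fallback is configured, so probing
// with invented hostnames reveals nothing about the other virtual hosts.
func strictSelect(vh VHosts, fallback *tls.Certificate, serverName string) (*tls.Certificate, error) {
	if c, ok := vh[strings.ToLower(serverName)]; ok {
		return c, nil
	}
	if fallback != nil {
		return fallback, nil
	}
	return nil, errors.New("no certificate configured for requested server name")
}

// GetCertificate adapts strictSelect to the tls.Config.GetCertificate hook.
func (vh VHosts) GetCertificate(fallback *tls.Certificate) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		return strictSelect(vh, fallback, hello.ServerName)
	}
}

// certCN returns the leaf CommonName, or "" for a nil certificate.
func certCN(c *tls.Certificate) string {
	if c == nil || c.Leaf == nil {
		return ""
	}
	return c.Leaf.Subject.CommonName
}

// distinctFallbacks counts how many different certificates n requests for
// unconfigured names receive; anything above 1 means the server is enumerable.
func distinctFallbacks(pick func(string) *tls.Certificate, n int) int {
	seen := map[string]bool{}
	for i := 0; i < n; i++ {
		seen[certCN(pick(fmt.Sprintf("probe-%d.invalid", i)))] = true
	}
	return len(seen)
}

func main() {
	vh := VHosts{
		"public.example.com":   newSelfSigned("public.example.com"),
		"intranet.example.com": newSelfSigned("intranet.example.com"),
		"staging.example.com":  newSelfSigned("staging.example.com"),
	}
	fallback := newSelfSigned("default.example.com")
	fmt.Println("leaky  : distinct certs seen =",
		distinctFallbacks(func(s string) *tls.Certificate { return leakySelect(vh, s) }, 50))
	fmt.Println("strict : distinct certs seen =",
		distinctFallbacks(func(s string) *tls.Certificate { c, _ := strictSelect(vh, fallback, s); return c }, 50))
}
```

Operators checking a server for this behaviour can apply the same measurement from the outside: connect several times with a name the server does not host and compare the leaf certificates returned; a fixed fallback (or a consistent handshake failure) is the expected result, while varying certificates indicate the leak.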
