CVE-2018-21246 – github.com/mholt/caddy
Package
Manager: go
Name: github.com/mholt/caddy
Vulnerable Version: >=0 <0.10.13
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:U/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00669 (percentile 0.70427)
Details
Authentication bypass in github.com/mholt/caddy. Due to improper TLS verification when serving traffic for multiple SNIs, an attacker may bypass TLS client authentication by indicating an SNI during the TLS handshake that is different from the name in the HTTP Host header.
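A server-side check for the mismatch described above, as an added example (not Caddy's patch or code from this advisory): a net/http wrapper that refuses a request whose Host header names a different site than the SNI the handshake was verified for. The names RequireSNIHostMatch, hostOnly and statusFor, the example hostnames, and the choice to reject requests that carry no SNI are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// hostOnly drops an optional port and trailing dot, then lowercases the name.
func hostOnly(h string) string {
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return strings.ToLower(strings.TrimSuffix(h, "."))
}

// RequireSNIHostMatch (hypothetical name) answers 421 unless the Host header
// names the same site as the SNI that the TLS handshake was verified for.
func RequireSNIHostMatch(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil || r.TLS.ServerName == "" ||
			hostOnly(r.Host) != hostOnly(r.TLS.ServerName) {
			http.Error(w, "misdirected request", http.StatusMisdirectedRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the check and returns the status.
func statusFor(sni, host string) int {
	r := httptest.NewRequest("GET", "/", nil)
	r.Host = host
	r.TLS = &tls.ConnectionState{ServerName: sni}
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	RequireSNIHostMatch(ok).ServeHTTP(rec, r)
	return rec.Code
}

func main() {
	// Constructed names: "secure.example" requires client certs, "open.example" does not.
	fmt.Println(statusFor("secure.example", "secure.example:443")) // same site
	fmt.Println(statusFor("open.example", "secure.example"))       // SNI and Host differ
	fmt.Println(statusFor("", "secure.example"))                   // no SNI sent
}
```

The wrapper only matters on listeners where the client-certificate policy is selected per SNI; upgrading past the vulnerable range listed above remains the fix.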
Metadata
Created: 2021-04-14T20:04:52Z
Modified: 2024-05-20T16:03:47Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F006
Auto approve: 1