Description
Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-21246
- https://github.com/caddyserver/caddy/pull/2099
- https://github.com/caddyserver/caddy/commit/4d9ee000c8d2cbcdd8284007c1e0f2da7bc3c7c3
- https://bugs.gentoo.org/715214
- https://github.com/caddyserver/caddy/releases/tag/v0.10.13
- https://pkg.go.dev/vuln/GO-2020-0043
Packages
Name: github.com/caddyserver/caddy (go)
Affected versions: < 0.10.13
Fixed version: 0.10.13
Related vulnerabilities
CVSS3: 9.8
nvd
more than 5 years ago
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
CVSS3: 9.8
debian
more than 5 years ago
Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...