CVE-2018-21246

Опубликовано: 15 июн. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

Ссылки

https://bugs.gentoo.org/715214
Third Party Advisory
https://github.com/caddyserver/caddy/releases/tag/v0.10.13
Release Notes
Third Party Advisory
https://bugs.gentoo.org/715214
Third Party Advisory
https://github.com/caddyserver/caddy/releases/tag/v0.10.13
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*

Версия до 0.10.3 (исключая)

EPSS

Процентиль: 66%

0.00525

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2018-21246

CVSS3: 9.8

debian

больше 5 лет назад

Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...

GHSA-gr7w-x2jp-3xgw

CVSS3: 9.8

github

больше 3 лет назад

Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication

EPSS

Процентиль: 66%

0.00525

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287