Skip to main content
CVE-2018-19148 LOW POC PATCH Monitor

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Caddy
NVD GitHub
CVSS 3.0
3.7
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy