Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treating a non-.php (or other configured split_path extension) file as a script. In any deployment where the attacker can place content into a file served via FastCGI (uploads, file storage, etc.), this can be escalated to remote code execution by crafting a URL whose path triggers either flaw. This vulnerability is fixed in 2.11.3.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HCaddyserver Caddy
APPCaddyserver2.7.0 – 2.11.3 (bez)
Powiązane podatności
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused ...
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can ...
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path match...
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers de...
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2,...