Caddy Web Server

The Caddy web server is an open-source web server written in Go. It uses the Go standard library for its HTTP functionality and supports HTTPS natively. Caddy development began in December 2014. The first version was released in April 2015. Version 1.0.0 was released in April 2019.

Severity Summary:

Critical: 1 High: 2 Medium: 3 Low: 1
Reference
Title
Severity
Caddy Web Server Improper Authentication Vulnerability
Critical
Caddy Web Server Out-of-bounds Read Vulnerability
High
Caddy Web Server Uncontrolled Resource Consumption Vulnerability
High
Caddy Web Server URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
Caddy Web Server URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
Caddy Web Server Authentication Bypass by Spoofing Vulnerability
Medium
Caddy Web Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Low