Web Server

Caddy Web Server

The Caddy web server is an open-source web server written in Go. It uses the Go standard library for its HTTP functionality and supports HTTPS natively. Caddy development began in December 2014. The first version was released in April 2015. Version 1.0.0 was released in April 2019.

Official Site:

https://caddyserver.com/

Severity Summary:

Critical: 1 High: 2 Medium: 3 Low: 1

Reference

Title

Severity

CVE-2018-21246

Caddy Web Server Improper Authentication Vulnerability

Critical

CVE-2022-34037

Caddy Web Server Out-of-bounds Read Vulnerability

High

CVE-2023-44487

Caddy Web Server Uncontrolled Resource Consumption Vulnerability

High

CVE-2022-29718

Caddy Web Server URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Medium

CVE-2022-28923

Caddy Web Server URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Medium

CVE-2023-50463

Caddy Web Server Authentication Bypass by Spoofing Vulnerability

Medium

CVE-2018-19148

Caddy Web Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Low