Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Unrestricted access to Caddy API interface - Vulnerability Database

Unrestricted access to Caddy API interface

Description

The Caddy web server is an open-source load balancer, reverse proxy, web server written in Go.

Caddy is dynamically configurable with a RESTful JSON API. Invicti determined that it was possible to access this REST interface without authentication.

Remediation

Restrict access to the Caddy API interface.

References

OWASP Authentication Cheat Sheet
API

Related Vulnerabilities

Trace.axd Detected High
Common tags: Information Disclosure Configuration
Nuxt.js Running in Development Mode Low
Common tags: Information Disclosure Configuration
Laravel Terminal open High
Common tags: Information Disclosure Configuration
Core dump file High
Common tags: Information Disclosure Configuration
GoCD information disclosure (CVE-2021-43287) High
Common tags: Information Disclosure Configuration

Severity

High

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Information Disclosure
Configuration