
CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •

CVE-2022-34037
https://notcve.org/view.php?id=CVE-2022-34037
22 Jul 2022 — An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client. Una lectura fuera de límites en la función rewrite en el archivo... • https://github.com/caddyserver/caddy/issues/4775 • CWE-125: Out-of-bounds Read •

CVE-2017-5963
https://notcve.org/view.php?id=CVE-2017-5963
12 Feb 2017 — An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. Se descubrió un problema en caddy (para TYPO3) en versiones anteriores a 7.2.10. La vulnerabilidad existe debido a la filtració... • http://www.securityfocus.com/bid/96198 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •