CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-50463

The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.0%

CVSS Severity

CVSS v3 Score 6.5

References

https://caddyserver.com/v2
https://github.com/shift72/caddy-geo-ip/issues/4
https://github.com/shift72/caddy-geo-ip/tags
https://caddyserver.com/v2
https://github.com/shift72/caddy-geo-ip/issues/4
https://github.com/shift72/caddy-geo-ip/tags

Products affected by CVE-2023-50463

Caddyserver » Caddy » Version: 0.5.0

cpe:2.3:a:caddyserver:caddy:0.5.0
Caddyserver » Caddy » Version: 0.5.1

cpe:2.3:a:caddyserver:caddy:0.5.1
Caddyserver » Caddy » Version: 0.6.0

cpe:2.3:a:caddyserver:caddy:0.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-50463

Products

Pricing

Contact Us