CVE-2024-21499

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-644
View all →

Vulnerability Description

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.

Related Vulnerabilities

CVE-2025-24339

MEDIUM
CVSS:5.0(Medium)

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-t...

CWE-6442025

CVE-2022-34316

MEDIUM
CVSS:5.3(Medium)

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.

CWE-6442022

CVE-2023-34036

MEDIUM
CVSS:5.3(Medium)

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness ...

CWE-6442023

CVE-2024-30129

MEDIUM
CVSS:5.3(Medium)

The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP ad...

CWE-6442024

CVE-2025-0154

MEDIUM
CVSS:5.3(Medium)

IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.

CWE-6442025

CVE-2021-38997

MEDIUM
CVSS:5.4(Medium)

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST...

CWE-6442021