Description
The Caddy web server is an open-source load balancer, reverse proxy, and web server written in Go.
Caddy is dynamically configurable with a RESTful JSON API. Acunetix determined that it was possible to access this REST interface without authentication.
Remediation
Restrict access to the Caddy API interface.