Vulnerabilities for 'Openlitespeed'

2021-04-07
 
CVE-2021-26758

CWE-269
 

 
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.

 
2020-01-06
 
CVE-2020-5519

CWE-20
 

 
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.

 
2018-12-03
 
CVE-2018-19792

CWE-119
 

 
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.

 
 
CVE-2018-19791

CWE-20
 

 
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.

 



Copyright 2024, cxsecurity.com

 
