Shodan
Vulnerabilities
Vulnerable Software
Litespeedtech:  >> Openlitespeed  Security Vulnerabilities
CVE-2024-31617
OpenLiteSpeed before 1.8.1 mishandles chunked encoding.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-22
CVE-2023-40518
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-14
CVE-2022-0072
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1
CVSS Score
5.8
EPSS Score
0.002
Published
2022-10-27
CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-10-27
CVE-2022-0074
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-10-27
CVE-2021-26758
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.
CVSS Score
8.8
EPSS Score
0.034
Published
2021-04-07
CVE-2020-5519
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-01-06
CVE-2018-19791
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-12-03
CVE-2018-19792
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.
CVSS Score
6.7
EPSS Score
0.001
Published
2018-12-03
CVE-2015-3890
Use-after-free vulnerability in Open Litespeed before 1.3.10.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-09-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved