Litespeedtech: >> Openlitespeed >> 1.7.8 Security Vulnerabilities
OpenLiteSpeed before 1.8.1 mishandles chunked encoding.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-22
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-14
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1
CVSS Score
5.8
EPSS Score
0.002
Published
2022-10-27
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-10-27
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-10-27
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.
CVSS Score
8.8
EPSS Score
0.034
Published
2021-04-07