Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openlitespeed vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-0072
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 up to and including 1.5.12, from 1.6.5 up to and including 1.6.20.1, from 1.7.0 prior to 1.7.16.1
Litespeedtech Openlitespeed
Litespeedtech Openlitespeed 1.5.12
Litespeedtech Openlitespeed 1.5.11
356
VMScore
CVE-2018-19791
The server in LiteSpeed OpenLiteSpeed prior to 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an malicious user to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with ...
Litespeedtech Openlitespeed 1.5.0
Litespeedtech Openlitespeed
409
VMScore
CVE-2018-19792
The server in LiteSpeed OpenLiteSpeed prior to 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving .....
Litespeedtech Openlitespeed 1.5.0
Litespeedtech Openlitespeed
NA
CVE-2023-40518
LiteSpeed OpenLiteSpeed prior to 1.7.18 does not strictly validate HTTP request headers.
Litespeedtech Openlitespeed
1 Github repository
446
VMScore
CVE-2015-3890
Use-after-free vulnerability in Open Litespeed prior to 1.3.10.
Litespeedtech Openlitespeed
NA
CVE-2022-0073
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions prior to 1.7.16.1.
Litespeedtech Openlitespeed
NA
CVE-2022-0074
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 prior to 1.7.16.1.
Litespeedtech Openlitespeed
668
VMScore
CVE-2020-5519
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.
Litespeedtech Openlitespeed
801
VMScore
CVE-2021-26758
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows malicious users to gain root terminal access and execute commands on the host system.
Litespeedtech Openlitespeed 1.7.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started