The server in LiteSpeed OpenLiteSpeed prior to 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.
Vulnerable Product |
---|
litespeedtech openlitespeed 1.5.0 |
litespeedtech openlitespeed |
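
The description above attributes the overflow to a long command name (with `../` components) reaching the function that derives the server root from the executable path. The following is an added example, not OpenLiteSpeed's code: a bounded way to derive such a root, in which every write is length-checked and an over-long name is rejected. The function name, the `<root>/bin/<program>` layout and the sample paths are assumptions, and the normalisation is lexical only (it does not resolve symlinks the way `realpath(3)` does).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF 4096

/* Hypothetical helper, not OpenLiteSpeed code. Assumed layout: <root>/bin/<program>.
 * Returns 0 and writes the root to out, or a negative errno value. Every write is
 * bounds-checked, so an over-long command name fails cleanly. */
int derive_server_root(const char *cwd, const char *command,
                       char *out, size_t out_size)
{
    char joined[PATH_BUF], norm[PATH_BUF] = "";
    size_t len = 0;
    int n;
    if (!cwd || !command || !command[0])
        return -EINVAL;
    /* Join cwd and a relative command; snprintf's return value exposes truncation. */
    n = (command[0] == '/') ? snprintf(joined, sizeof joined, "%s", command)
                            : snprintf(joined, sizeof joined, "%s/%s", cwd, command);
    if (n < 0 || (size_t)n >= sizeof joined)
        return -ENAMETOOLONG;

    /* Lexically collapse "//", "." and "..", keeping norm within its buffer. */
    for (char *tok = strtok(joined, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            while (len > 0 && norm[--len] != '/')
                ;
            norm[len] = '\0';
            continue;
        }
        n = snprintf(norm + len, sizeof norm - len, "/%s", tok);
        if (n < 0 || (size_t)n >= sizeof norm - len)
            return -ENAMETOOLONG;
        len += (size_t)n;
    }
    /* Drop the program name and the assumed bin directory. */
    for (int strip = 0; strip < 2; strip++) {
        if (len == 0)
            return -EINVAL;
        while (norm[--len] != '/')
            ;
        norm[len] = '\0';
    }
    n = snprintf(out, out_size, "%s", len ? norm : "/");
    return (n < 0 || (size_t)n >= out_size) ? -ENAMETOOLONG : 0;
}
```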