CVE-2023-40518
https://notcve.org/view.php?id=CVE-2023-40518
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. • https://openlitespeed.org/release-log/version-1-7-x https://www.litespeedtech.com/products/litespeed-web-server/release-log
CVE-2022-0074 – Privilege Escalation in OpenLiteSpeed Web Server
https://notcve.org/view.php?id=CVE-2022-0074
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. • https://github.com/litespeedtech/ols-dockerfiles/blob/master/template/Dockerfile#L29 • CWE-426: Untrusted Search Path
CVE-2022-0072 – Directory Traversal in OpenLiteSpeed Web Server
https://notcve.org/view.php?id=CVE-2022-0072
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1. • https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061 https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5519
https://notcve.org/view.php?id=CVE-2020-5519
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. • https://drive.google.com/open?id=1pSciFEfjHp3kN8y5shy_zosJo7dje_fX https://forum.openlitespeed.org/threads/openlitespeed-v1-6-5-now-available.4047 • CWE-20: Improper Input Validation