← back
CVE-2022-0072

Directory Traversal in OpenLiteSpeed Web Server

CVSS 5.8 MEDIUMEPSS 1.0%CWE-22
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products
LiteSpeed Technologies · LiteSpeed Web ServerLiteSpeed Technologies · OpenLiteSpeed Web Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061