CVE-2022-0072

Directory Traversal in OpenLiteSpeed Web Server

CVSS 5.8 MEDIUMEPSS 1.0%CWE-22

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Produtos afetados

LiteSpeed Technologies · LiteSpeed Web Server LiteSpeed Technologies · OpenLiteSpeed Web Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061 https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061