LiteSpeed web server vulnerabilities can cause complete web server takeover

 


Palo Alto researcher found three different vulnerabilities in the open source openlightspeed Web server. These vulnerabilities also affect enterprise version

1. Remote Code Execution -CVE-2022-0073 CVSS 8.8

2. Privilege Escalation CVE-2022-0074 CVSS 8.8

3. Directory Traversal CVE-2022-0072

 

Lightspeed a Web server increases with performance and scalability of web hosting platforms through its unique event driven architecture, and it has the capability of serving thousand of clients simultaneously with minimum usage such as memory and CPU

Unit 42 responsibly disclosed the vulnerabilities to LiteSpeed Technologies with suggested remediation on Oct. 4, 2022. LiteSpeed Technologies swiftly released a patch version (v1.7.16.1) on Oct. 18, 2022, to mitigate the reported vulnerabilities.
Organizations using OpenLiteSpeed versions 1.5.11 up to 1.7.16 and LiteSpeed versions 5.4.6 up to 6.0.11 are advised to update their software to the latest matching release – v1.7.16.1 and 6.0.12.

Read Full report HERE

No comments:

Global Espionage? Chinese Cyber Centre Accuses U.S. of Tech Firm Hacks

  U.S. Accused of Cyberattacks and Trade Secret Theft by Chinese Cybersecurity Centre A Chinese cybersecurity organization has accused the U...