CVE-2010-2333
published 2010-06-18


Priority: P3, 50
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 60.20% (99.0th percentile)
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.

Affected

15 ranges
Vendor | Product | Version range | Fixed in
litespeedtech | litespeed_web_server

Detection & IOCs (extracted from sources)

  • Flag HTTP responses from servers identifying as 'LiteSpeed' where the request URI contains a null byte — the exploit checks for 'LiteSpeed' in the response to confirm target validity
  • Use the Google dork 'Proudly Served by LiteSpeed Web Server' to identify exposed LiteSpeed instances potentially vulnerable to this CVE
  • Metasploit auxiliary module targets LiteSpeed versions 4.0.14 and prior for source code disclosure scanning
  • The vulnerability allows reading script source code (e.g., PHP files) via a null-byte-poisoned URI; monitor for unexpected .txt-suffixed requests to known script paths
  • Vulnerability is version-scoped: only LiteSpeed Web Server 4.0.x before 4.0.15 is affected; versions 4.0.15 and later are not vulnerable
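
One way to implement the log-monitoring checks listed above, as an added example that is not part of the original page or of any vendor tooling. The log format, the script-extension list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: Common/Combined Log Format, request line in the first quoted field.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
# Assumption: extensions this site executes as scripts; adjust to the deployment.
SCRIPT_EXTS = (b".php", b".pl", b".cgi", b".py", b".rb")

def decode_path(uri, rounds=3):
    """Percent-decode the path (not the query) until stable, so %2500 is caught too."""
    raw = uri.split("?", 1)[0].encode("latin-1", "replace")
    for _ in range(rounds):
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def classify_uri(uri):
    """Return (path_before_null, targets_script) for a null byte followed by .txt, else None."""
    raw = decode_path(uri)
    before, sep, after = raw.partition(b"\x00")
    if not sep or not after.lower().endswith(b".txt"):
        return None
    return before.decode("latin-1"), before.lower().endswith(SCRIPT_EXTS)

def scan(lines):
    """Return findings as (line_number, path_before_null, targets_script)."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        hit = classify_uri(match.group("uri")) if match else None
        if hit:
            findings.append((number, *hit))
    return findings

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jun/2010:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Jun/2010:10:00:05 +0000] "GET /index.php%00.txt HTTP/1.1" 200 913',
    '198.51.100.7 - - [18/Jun/2010:10:00:06 +0000] "GET /inc/config.php%2500.TXT HTTP/1.1" 200 402',
    '192.0.2.44 - - [18/Jun/2010:10:00:09 +0000] "GET /docs/readme.txt HTTP/1.1" 200 880',
    '192.0.2.45 - - [18/Jun/2010:10:00:12 +0000] "GET /img/a.png%00.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, path, targets_script in scan(SAMPLE_LOG):
        label = "script source request" if targets_script else "null byte + .txt"
        print(f"line {number}: {label}: {path}")
```

Findings with `targets_script` set to True are the ones to correlate with a 200 response and the server version, since only 4.0.x before 4.0.15 is affected.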