CVE-2022-0072
Published: 2022-10-27
Priority: P4 (31) · Severity: medium · CVSS 3.1 base score: 5.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
EPSS: 0.97% (57.5th percentile)
Directory Traversal vulnerability in the dashboards of LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server allows path traversal. This affects versions 1.5.11 through 1.5.12 and 1.6.5 through 1.6.20.1 (both ranges inclusive), and 1.7.0 up to but not including 1.7.16.1, the release that carries the fix.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| litespeed_technologies | litespeed_web_server | 1.5.11 – 1.5.12 | — |
| litespeed_technologies | litespeed_web_server | 1.6.5 – 1.6.20.1 | — |
| litespeed_technologies | litespeed_web_server | >= 1.7.0 < 1.7.16.1 | 1.7.16.1 |
| litespeed_technologies | openlitespeed_web_server | 1.5.11 – 1.5.12 | — |
| litespeed_technologies | openlitespeed_web_server | 1.6.5 – 1.6.20.1 | — |
| litespeed_technologies | openlitespeed_web_server | >= 1.7.0 < 1.7.16.1 | 1.7.16.1 |
| litespeedtech | openlitespeed | — | — |
| litespeedtech | openlitespeed | — | — |
| litespeedtech | openlitespeed | 1.6.5 – 1.6.20.1 | — |
| litespeedtech | openlitespeed | >= 1.7.0 < 1.7.16.1 | 1.7.16.1 |
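Two of the three ranges above are inclusive at both ends ("through"), the third excludes its upper bound because 1.7.16.1 is the fixed release, and the record lists no fixed version at all for the 1.5 and 1.6 branches. The checker below encodes exactly those ranges so that a version pulled from an inventory or a server banner can be classified without hand-comparing four-component strings. It is an added example, not tooling from the CVE record or the OpenLiteSpeed project; the `LiteSpeed/<version>` banner shape it parses is an assumption, and the sample banner is constructed.

```python
"""Classify an OpenLiteSpeed / LiteSpeed Web Server version against the
CVE-2022-0072 affected ranges.  Added example for this CVE record; the ranges
come from the record, the banner format is an assumption."""
import re

# (first affected, upper bound, upper bound inclusive, fixed release listed in the record)
# "1.5.11 through 1.5.12" and "1.6.5 through 1.6.20.1" are inclusive at both ends;
# "1.7.0 before 1.7.16.1" excludes the upper bound, which is the fixed release.
AFFECTED_RANGES = [
    ("1.5.11", "1.5.12", True, None),
    ("1.6.5", "1.6.20.1", True, None),
    ("1.7.0", "1.7.16.1", False, "1.7.16.1"),
]


def parse_version(text: str) -> tuple:
    """'1.7.16.1' -> (1, 7, 16, 1).  Rejects anything that is not dotted integers."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError("not a dotted version: %r" % text)
    return tuple(int(p) for p in m.group(1).split("."))


def compare(a: tuple, b: tuple) -> int:
    """-1, 0 or 1.  Missing trailing components count as 0, so 1.5.12.0 compares
    equal to 1.5.12; a plain tuple comparison would treat it as greater and
    wrongly place it outside the inclusive 1.5.11 - 1.5.12 range."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def is_affected(version: str):
    """Return (affected, fixed_in).  fixed_in is None when the record lists no
    fixed release for the branch the version falls in."""
    v = parse_version(version)
    for low, high, inclusive, fixed in AFFECTED_RANGES:
        above_low = compare(v, parse_version(low)) >= 0
        c = compare(v, parse_version(high))
        below_high = c <= 0 if inclusive else c < 0
        if above_low and below_high:
            return True, fixed
    return False, None


# Assumed shape of a version banner such as the output of `lshttpd -v`;
# the real format on a given build may differ, so adjust the pattern if needed.
BANNER_RE = re.compile(r"LiteSpeed/(\d+(?:\.\d+)*)")


def version_from_banner(banner: str) -> str:
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError("no LiteSpeed/<version> token in banner: %r" % banner)
    return m.group(1)


if __name__ == "__main__":
    sample_banner = "LiteSpeed/1.7.16 Open"   # constructed sample, not a real capture
    v = version_from_banner(sample_banner)
    affected, fixed = is_affected(v)
    print(v, "affected" if affected else "not affected",
          "fixed in %s" % fixed if fixed else "no fixed release listed for this branch")
```

For a 1.5.x or 1.6.x hit the checker deliberately reports no fixed release rather than guessing one, because the record above lists none; treat such hosts as needing a branch decision, not a point upgrade.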
No detection rules found.
No public exploits indexed.
Reference: Unit42 blog · 2022-11-10 · CVSS 5.8 (medium) · covers CVE-2022-0072, CVE-2022-0073, CVE-2022-0074
## Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server
Author: Artur Avetisyan · Published: November 10, 2022
Tags: Cloud Cybersecurity Research, Threat Research, Vulnerabilities, Containers, Exploit, OpenLiteSpeed, Privilege escalation, Remote Code Execution, Web server
## Executive Summary
The Unit 42 research team has researched and discovered three different vulnerabilities in the open source OpenLiteSpeed Web Server. These vulnerabilities also affect the enterprise version, LiteSpeed Web Server. By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution. The vulnerabilities discovered include:
1. Remote Code Execution (CVE-2022-0073) rated High severity (CVSS 8.8)
2. Privilege Escalation (CVE-2022-0074) rated High severity (CVSS 8.8)
3. Directory Traversal (CVE-2022-0072) rated Medium severity (CVSS 5.8)
OpenLiteSpeed is the Open Source edition of LiteSpeed Web Server Enterprise, which is developed and maintained by LiteSpeed Technologies. LiteSpeed Web Server is ranke…
Code references (src/main/httpserver.cpp, lines 2060-2061, in the fixed tag and the tag before it):
https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061
https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061