Litespeed Technologies Litespeed Web Server vulnerabilities
5 known vulnerabilities affecting litespeed_technologies/litespeed_web_server.
Total CVEs: 5
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: HIGH 2, MEDIUM 3
Vulnerabilities
CVE-2022-0073 | P1 | HIGH | CVSS 8.8 | CWE-20 | Exploited | Ransomware | ≥ 1.7.0, < 1.7.16.1 | 2022-10-27
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
nvd
CVE-2022-0074 | P1 | HIGH | CVSS 8.8 | CWE-426 | Exploited | Ransomware | ≥ 1.6.15, < 1.7.16.1 | 2022-10-27
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.
nvd
CVE-2007-5654 | P3 | MEDIUM | CVSS 5.0 | CWE-200 | PoC | ≤ 3.2.3 | 2007-10-23
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
nvd
CVE-2005-3695 | P4 | MEDIUM | CVSS 4.3 | PoC | v2.1.5 | 2005-11-20
Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
nvd
CVE-2022-0072 | P4 | MEDIUM | CVSS 5.8 | CWE-22 | ≥ 1.5.11, ≤ 1.5.12; ≥ 1.6.5, ≤ 1.6.20.1; +1 more | 2022-10-27
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1.
nvd