PT-2018-15093 · Litespeed Technologies · Openlitespeed

Wireghoul · Published 2018-12-03 · Updated 2019-02-05 · CVE-2018-19791

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: OpenLiteSpeed versions prior to 1.5.0 RC6
Description: The server does not correctly handle byte-range requests. An attacker can amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value starting with the "bytes=0-,0-" substring.
Recommendations: Update to version 1.5.0 RC6 or later to resolve the issue.
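
A defensive check for the Range pattern described above, as an added example that is not OpenLiteSpeed's code or its fix: it resolves each byte range against a body size, reports how many multiples of the body a server honouring every range would send, and coalesces overlapping ranges, one of the options RFC 7233 section 6.1 gives for such requests. The function names and the 1000-byte body size are assumptions made for illustration.

```python
import re

# Added example, not OpenLiteSpeed code: resolve a Range header against a body
# of `size` bytes and measure how much a server honouring every range would send.
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_ranges(header, size):
    """Return inclusive (first, last) pairs, or None if the header is malformed."""
    unit, sep, specs = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        if not spec.strip():
            continue                      # empty list elements are tolerated
        m = _SPEC.match(spec)
        if not m or m.groups() == ("", ""):
            return None
        first, last = m.groups()
        if first == "":                   # suffix form "-N": the last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
            if last and int(last) < start:
                return None               # last-byte-pos before first-byte-pos
        if start <= end:                  # drop unsatisfiable ranges
            ranges.append((start, end))
    return ranges

def amplification(ranges, size):
    """Bytes sent if every range is honoured, as a multiple of the body size."""
    return sum(end - start + 1 for start, end in ranges) / size if size else 0.0

def coalesce(ranges):
    """Merge overlapping or adjacent ranges so each byte is sent at most once."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

if __name__ == "__main__":
    SIZE = 1000                           # constructed body size
    for hdr in ("bytes=0-,0-", "bytes=0-,0-,0-,0-", "bytes=0-99,200-299"):
        r = parse_ranges(hdr, SIZE)
        print(hdr, amplification(r, SIZE), coalesce(r))
```

An amplification value above 1.0 means the requested ranges overlap; serving the coalesced list instead caps the response at the body size.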


Related Identifiers: CVE-2018-19791

Affected Products: Openlitespeed