PT-2022-12964 · Litespeed Technologies · Openlitespeed Web Server+1

Published: 2022-10-27 · Updated: 2022-12-09 · CVE-2022-0072

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenLiteSpeed Web Server versions 1.5.11 through 1.5.12
OpenLiteSpeed Web Server versions 1.6.5 through 1.6.20.1
OpenLiteSpeed Web Server versions 1.7.0 through 1.7.16.0
LiteSpeed Web Server versions 1.5.11 through 1.5.12
LiteSpeed Web Server versions 1.6.5 through 1.6.20.1
LiteSpeed Web Server versions 1.7.0 through 1.7.16.0

Description

A Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal.

Recommendations

For OpenLiteSpeed Web Server versions 1.5.11 through 1.5.12, update to a version after 1.5.12.
For OpenLiteSpeed Web Server versions 1.6.5 through 1.6.20.1, update to a version after 1.6.20.1.
For OpenLiteSpeed Web Server versions 1.7.0 through 1.7.16.0, update to version 1.7.16.1 or later.
For LiteSpeed Web Server versions 1.5.11 through 1.5.12, update to a version after 1.5.12.
For LiteSpeed Web Server versions 1.6.5 through 1.6.20.1, update to a version after 1.6.20.1.
For LiteSpeed Web Server versions 1.7.0 through 1.7.16.0, update to version 1.7.16.1 or later.

Exploit

Fix

Untrusted Search Path

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-00698
CVE-2022-0072

Affected Products

Litespeed Web Server
Openlitespeed Web Server