MidnightBSD

Advisories for litespeedtech

CVE-2004-0112 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
avaya s8700 r2.0.0
stonesoft stonebeat_securitycluster 2.5
4d webstar 5.2
openssl openssl 0.9.7c
bluecoat proxysg *
apple mac_os_x_server 10.3.3
openssl openssl 0.9.7b
cisco pix_firewall_software 6.0
neoteris instant_virtual_extranet 3.3.1
forcepoint stonegate 2.2.4
apple mac_os_x 10.3.3
avaya sg203 4.4
cisco ios 12.2(14)sy
cisco firewall_services_module *
cisco webns 6.10
forcepoint stonegate 1.7
4d webstar 5.2.1
cisco css_secure_content_accelerator 1.0
checkpoint vpn-1 next_generation_fp2
novell edirectory 8.0
avaya vsu 100_r2.0.1
cisco ios 12.1(11b)e14
freebsd freebsd 5.1
forcepoint stonegate 1.5.18
avaya sg200 4.4
openbsd openbsd 3.4
avaya sg5 4.2
cisco pix_firewall_software 6.2(3.100)
hp aaa_server *
cisco webns 7.1_0.1.02
redhat openssl 0.9.6b-3
cisco ios 12.2(14)sy1
checkpoint provider-1 4.1
securecomputing sidewinder 5.2.0.03
cisco call_manager *
cisco pix_firewall_software 6.2
checkpoint firewall-1 *
forcepoint stonegate 2.1
hp hp-ux 11.00
cisco secure_content_accelerator 10000
vmware gsx_server 2.0
4d webstar 5.2.3
openssl openssl 0.9.7a
avaya intuity_audix *
checkpoint firewall-1 next_generation_fp0
avaya converged_communications_server 2.0
novell imanager 1.5
avaya sg208 *
avaya intuity_audix 5.1.46
freebsd freebsd 5.2.1
cisco webns 7.10_.0.06s
securecomputing sidewinder 5.2.0.04
cisco pix_firewall_software 6.2(2)
avaya vsu 7500_r2.0.1
sgi propack 2.3
cisco mds_9000 *
cisco firewall_services_module 2.1_(0.208)
stonesoft stonebeat_webcluster 2.0
dell bsafe_ssl-j 3.0.1
novell edirectory 8.6.2
stonesoft servercluster 2.5
vmware gsx_server 2.5.1_build_5336
hp hp-ux 11.11
redhat enterprise_linux 3.0
avaya intuity_audix s3400
openssl openssl 0.9.6c
dell bsafe_ssl-j 3.1
checkpoint vpn-1 next_generation_fp1
avaya sg5 4.4
cisco application_and_content_networking_software *
bluecoat cacheos_ca_sa 4.1.10
cisco firewall_services_module 1.1_(3.005)
cisco pix_firewall_software 6.1
avaya sg5 4.3
neoteris instant_virtual_extranet 3.2
forcepoint stonegate 1.6.3
redhat linux 8.0
checkpoint vpn-1 next_generation_fp0
avaya sg200 4.31.29
forcepoint stonegate 2.0.8
stonesoft stonebeat_fullcluster 1_3.0
cisco pix_firewall_software 6.3(1)
stonesoft stonebeat_fullcluster 2.5
cisco ios 12.1(11b)e12
novell imanager 2.0
securecomputing sidewinder 5.2.1
openbsd openbsd 3.3
cisco firewall_services_module 1.1.2
forcepoint stonegate 2.0.5
cisco pix_firewall_software 6.0(4)
checkpoint firewall-1 2.0
avaya vsu 5x
novell edirectory 8.7
forcepoint stonegate 2.0.4
forcepoint stonegate 2.0.7
redhat enterprise_linux_desktop 3.0
neoteris instant_virtual_extranet 3.3
stonesoft stonebeat_fullcluster 3.0
sgi propack 3.0
cisco webns 6.10_b4
stonesoft stonebeat_webcluster 2.5
avaya sg203 4.31.29
cisco ios 12.1(19)e1
openssl openssl 0.9.6d
openssl openssl 0.9.6g
hp hp-ux 8.05
forcepoint stonegate 2.2.1
forcepoint stonegate 2.2
cisco threat_response *
freebsd freebsd 4.8
cisco pix_firewall_software 6.0(4.101)
4d webstar 5.3
checkpoint firewall-1 next_generation_fp2
cisco pix_firewall_software 6.1(4)
cisco content_services_switch_11500 *
cisco pix_firewall_software 6.2(3)
litespeedtech litespeed_web_server 1.0.1
cisco webns 7.1_0.2.06
forcepoint stonegate 2.0.9
dell bsafe_ssl-j 3.0
hp wbem a.01.05.08
securecomputing sidewinder 5.2
avaya s8700 r2.0.1
cisco pix_firewall_software 6.3(3.102)
cisco ciscoworks_common_services 2.2
cisco css11000_content_services_switch *
hp wbem a.02.00.00
cisco webns 7.2_0.0.03
hp hp-ux 11.23
cisco pix_firewall_software 6.1(5)
neoteris instant_virtual_extranet 3.1
novell edirectory 8.5
novell edirectory 8.7.1
vmware gsx_server 2.0.1_build_2129
redhat linux 7.3
avaya vsu 5
tarantella tarantella_enterprise 3.30
sun crypto_accelerator_4000 1.0
cisco pix_firewall 6.2.2_.111
cisco pix_firewall_software 6.3(2)
sco openserver 5.0.7
neoteris instant_virtual_extranet 3.0
avaya s8500 r2.0.1
forcepoint stonegate 1.7.2
avaya sg208 4.4
novell edirectory 8.5.27
cisco firewall_services_module 1.1.3
tarantella tarantella_enterprise 3.40
stonesoft servercluster 2.5.2
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.0(1)
hp apache-based_web_server 2.0.43.04
cisco okena_stormwatch 3.2
cisco pix_firewall_software 6.0(2)
cisco css_secure_content_accelerator 2.0
cisco gss_4490_global_site_selector *
avaya vsu 5000_r2.0.1
stonesoft stonebeat_securitycluster 2.0
cisco pix_firewall_software 6.3
openssl openssl 0.9.7
cisco pix_firewall_software 6.0(3)
sco openserver 5.0.6
vmware gsx_server 3.0_build_7592
freebsd freebsd 5.2
openssl openssl 0.9.6h
openssl openssl 0.9.6e
forcepoint stonegate 2.0.1
cisco ios 12.2za
openssl openssl 0.9.6k
vmware gsx_server 2.5.1
cisco ios 12.1(13)e9
cisco access_registrar *
cisco pix_firewall_software 6.3(3.109)
cisco ciscoworks_common_management_foundation 2.1
redhat openssl 0.9.7a-2
openssl openssl 0.9.6f
4d webstar 5.2.2
4d webstar 5.2.4
4d webstar 4.0
avaya s8300 r2.0.0
novell edirectory 8.5.12a
cisco ios 12.1(11)e
sgi propack 2.4
avaya vsu 10000_r2.0.1
stonesoft stonebeat_fullcluster 1_2.0
cisco ios 12.2sy
avaya s8300 r2.0.1
avaya vsu 2000_r2.0.1
hp apache-based_web_server 2.0.43.00
forcepoint stonegate 1.5.17
redhat openssl 0.9.6-15
4d webstar 5.3.1
securecomputing sidewinder 5.2.1.02
tarantella tarantella_enterprise 3.20
cisco ios 12.1(11b)e
cisco gss_4480_global_site_selector *
openssl openssl 0.9.6i
symantec clientless_vpn_gateway_4400 5.0
forcepoint stonegate 1.7.1
forcepoint stonegate 2.0.6
cisco pix_firewall_software 6.1(2)
hp wbem a.02.00.01
checkpoint firewall-1 next_generation_fp1
avaya vsu 500
checkpoint vpn-1 vsx_ng_with_application_intelligence
stonesoft stonebeat_fullcluster 2.0
forcepoint stonegate 1.6.2
cisco pix_firewall_software 6.2(1)
freebsd freebsd 4.9
avaya intuity_audix s3210
avaya s8500 r2.0.0
redhat linux 7.2
securecomputing sidewinder 5.2.0.01
openssl openssl 0.9.6j
cisco pix_firewall_software 6.1(1)
cisco pix_firewall_software 6.1(3)
securecomputing sidewinder 5.2.0.02
cisco webns 7.10
CVE-2010-2333 MEDIUM

LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
litespeedtech litespeed_web_server 4.0.5
litespeedtech litespeed_web_server 4.0.13
litespeedtech litespeed_web_server 4.0.10
litespeedtech litespeed_web_server 4.0.4
litespeedtech litespeed_web_server 4.0.1
litespeedtech litespeed_web_server 4.0.2
litespeedtech litespeed_web_server 4.0.8
litespeedtech litespeed_web_server 4.0.11
litespeedtech litespeed_web_server 4.0.3
litespeedtech litespeed_web_server 4.0.12
litespeedtech litespeed_web_server 4.0
litespeedtech litespeed_web_server 4.0.6
litespeedtech litespeed_web_server 4.0.14
litespeedtech litespeed_web_server 4.0.9
litespeedtech litespeed_web_server 4.0.7
CVE-2012-4871 MEDIUM

Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
litespeedtech litespeed_web_server 4.1.11
CVE-2015-3890 MEDIUM

Use-after-free vulnerability in Open Litespeed before 1.3.10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
litespeedtech openlitespeed *
CVE-2018-19791 MEDIUM

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
litespeedtech openlitespeed *
litespeedtech openlitespeed 1.5.0
CVE-2018-19792 MEDIUM

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
litespeedtech openlitespeed *
litespeedtech openlitespeed 1.5.0
CVE-2020-29172 MEDIUM

A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2020-5519 HIGH

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
litespeedtech openlitespeed *
CVE-2021-24963 LOW

The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2021-24964 LOW

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2021-26758 HIGH

Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
litespeedtech openlitespeed 1.7.8
CVE-2022-0072

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1

Products Affected

Vendor Product Version
litespeedtech openlitespeed 1.5.11
litespeedtech openlitespeed 1.5.12
litespeedtech openlitespeed *
CVE-2022-0073

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.

Products Affected

Vendor Product Version
litespeedtech openlitespeed *
CVE-2022-0074

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.

Products Affected

Vendor Product Version
litespeedtech openlitespeed *
CVE-2022-30592 HIGH

liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
litespeedtech lsquic *
CVE-2022-46800

Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2023-40000

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 3.9 3.7

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2023-40518

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
litespeedtech openlitespeed *
CVE-2023-4372

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@wordfence.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2023-45000

Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2024-25678

In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.

Products Affected

Vendor Product Version
litespeedtech lsquic *
CVE-2024-28000

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2024-31617

OpenLiteSpeed before 1.8.1 mishandles chunked encoding.

Products Affected

Vendor Product Version
litespeedtech openlitespeed *
CVE-2024-3246

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@wordfence.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2024-44000

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2024-47373

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 2.3 3.7

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2024-47374

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2024-47637

Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through <= 6.4.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2024-50550

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
litespeedtech litespeed_cache *
CVE-2025-54939

LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
litespeedtech litespeed_web_adc *
litespeedtech lsquic *
litespeedtech openlitespeed *
litespeedtech litespeed_web_server *