Directory Traversal in OpenLiteSpeed Web Server
CVE-2022-0072

5.8MEDIUM

Key Information:

Vendor

Litespeed Technologies

Status
Openlitespeed Web Server
Litespeed Web Server
Vendor
CVE Published:
27 October 2022

What is CVE-2022-0072?

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1

Affected Version(s)

LiteSpeed Web Server 1.5.11 <= 1.5.12

LiteSpeed Web Server 1.6.5 <= 1.6.20.1

LiteSpeed Web Server 1.7.0 < 1.7.16.1

References

https://github.com/litespeedtech/openlitespeed/blob/v1.7....
https://github.com/litespeedtech/openlitespeed/blob/v1.7....

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.