CVE-2018-19791

Published: Dec 3, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.

Affected (7)

Products: Litespeedtech: Openlitespeed

Litespeedtech

1 product

Openlitespeed

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Litespeedtech Openlitespeed	Before 1.5.0
Litespeedtech Openlitespeed	Version 1.5.0
Litespeedtech Openlitespeed	Version 1.5.0 rc1
Litespeedtech Openlitespeed	Version 1.5.0 rc2
Litespeedtech Openlitespeed	Version 1.5.0 rc3
Litespeedtech Openlitespeed	Version 1.5.0 rc4
Litespeedtech Openlitespeed	Version 1.5.0 rc5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://github.com/litespeedtech/openlitespeed/issues/117

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/litespeedtech/openlitespeed/issues/117

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.