CVE-2022-0072

Summary

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1

Affected Software

VendorProductVersion RangeStatus
LiteSpeed TechnologiesOpenLiteSpeed Web Server1.5.11 <= 1.5.12affected
LiteSpeed TechnologiesOpenLiteSpeed Web Server1.6.5 <= 1.6.20.1affected
LiteSpeed TechnologiesOpenLiteSpeed Web Server1.7.0 < 1.7.16.1affected
LiteSpeed TechnologiesLiteSpeed Web Server1.5.11 <= 1.5.12affected
LiteSpeed TechnologiesLiteSpeed Web Server1.6.5 <= 1.6.20.1affected
LiteSpeed TechnologiesLiteSpeed Web Server1.7.0 < 1.7.16.1affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References