CVE-2023-40518

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

References

Link	Resource
https://openlitespeed.org/release-log/version-1-7-x/	Release Notes
https://www.litespeedtech.com/products/litespeed-web-server/release-log	Release Notes
https://openlitespeed.org/release-log/version-1-7-x/	Release Notes
https://www.litespeedtech.com/products/litespeed-web-server/release-log	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:19

Type	Values Removed	Values Added
References	~~() https://openlitespeed.org/release-log/version-1-7-x/ - Release Notes~~	() https://openlitespeed.org/release-log/version-1-7-x/ - Release Notes
References	~~() https://www.litespeedtech.com/products/litespeed-web-server/release-log - Release Notes~~	() https://www.litespeedtech.com/products/litespeed-web-server/release-log - Release Notes

Information

Published : 2023-08-14 22:15

Updated : 2024-11-21 08:19

NVD link : CVE-2023-40518

Mitre link : CVE-2023-40518

CVE.ORG link : CVE-2023-40518

JSON object : View

Products Affected

litespeedtech

CWE

NVD-CWE-noinfo