6 matches found
CVE-2024-31617
OpenLiteSpeed before 1.8.1 mishandles chunked encoding. Affected software: OpenLiteSpeed (web server). Root cause: mishandling of chunked encoding. Impact stated in sources is limited to the server misbehavior; no explicit exploitation details are provided in the documents. Mitigation: upgrade to...
CVE-2020-5519
The CVE-2020-5519 issue affects OpenLiteSpeed’s WebAdmin Console prior to 1.6.5, where URL validation in the Server Configuration > External App screen is insufficient. This is documented across multiple sources as enabling potential code execution via the WebAdmin Console. A fixed version is ...
CVE-2023-40518
LiteSpeed OpenLiteSpeed
CVE-2018-19791
LiteSpeed OpenLiteSpeed before 1.5.0 RC6 is affected. The server mishandles requests for byte sequences, allowing an attacker to amplify response size by repeatedly requesting the entire response body with an HTTP Range value starting with bytes=0-,0-. This can cause a Denial of Service (availabi...
CVE-2015-3890
CVE-2015-3890 applies to Open Litespeed before 1.3.10, described as a use-after-free vulnerability. Multiple connected sources characterize the issue as a memory misreference that could allow remote-triggered crashes or instability; one CNVD entry explicitly calls it a memory misreference vulnera...
CVE-2025-54939
CVE-2025-54939 affects the LiteSpeed QUIC (LSQUIC) Library prior to 4.3.1, where a memory leak in the lsquic_engine_packet_in path can cause linear memory growth and potential DoS. The vulnerability is triggered by mis-handling coalesced QUIC Initial packets before a handshake, leading to memory ...