Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvePalo_altoCVE-2022-0072
HistoryOct 27, 2022 - 8:15 p.m.

CVE-2022-0072

2022-10-2720:15:12
CWE-22
palo_alto
web.nvd.nist.gov
47
5
cve-2022-0072
litespeed
openlitespeed
web server
directory traversal
vulnerability
nvd

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

6

Confidence

High

EPSS

0.001

Percentile

31.0%

JSON

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1

Affected configurations

Nvd
Vulners
Node
litespeedtechopenlitespeedRange1.6.51.6.20.1
OR
litespeedtechopenlitespeedRange1.7.01.7.16.1
OR
litespeedtechopenlitespeedMatch1.5.11
OR
litespeedtechopenlitespeedMatch1.5.12
VendorProductVersionCPE
litespeedtechopenlitespeed*cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*
litespeedtechopenlitespeed1.5.11cpe:2.3:a:litespeedtech:openlitespeed:1.5.11:*:*:*:*:*:*:*
litespeedtechopenlitespeed1.5.12cpe:2.3:a:litespeedtech:openlitespeed:1.5.12:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenLiteSpeed Web Server",
    "repo": "https://github.com/litespeedtech/openlitespeed",
    "vendor": "LiteSpeed Technologies",
    "versions": [
      {
        "lessThanOrEqual": "1.5.12",
        "status": "affected",
        "version": "1.5.11",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.6.20.1",
        "status": "affected",
        "version": "1.6.5",
        "versionType": "custom"
      },
      {
        "lessThan": "1.7.16.1",
        "status": "affected",
        "version": "1.7.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "LiteSpeed Web Server",
    "vendor": "LiteSpeed Technologies",
    "versions": [
      {
        "lessThanOrEqual": "1.5.12",
        "status": "affected",
        "version": "1.5.11",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.6.20.1",
        "status": "affected",
        "version": "1.6.5",
        "versionType": "custom"
      },
      {
        "lessThan": "1.7.16.1",
        "status": "affected",
        "version": "1.7.0",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

nvd 1
osv 1
prion 1
cvelist 1
thn 1
nvd
nvd
CVE-2022-0072
2022-10-27 20:15:12
osv
osv
CVE-2022-0072
2022-10-27 20:15:12
prion
prion
Directory traversal
2022-10-27 20:15:00
cvelist
cvelist
CVE-2022-0072 Directory Traversal in OpenLiteSpeed Web Server
2022-10-27 19:28:49
thn
thn
Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software
2022-11-11 10:13:00

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

6

Confidence

High

EPSS

0.001

Percentile

31.0%

JSON
Related for CVE-2022-0072
nvd1osv1prion1cvelist1thn1