Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution.
“By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution,” Palo Alto Networks Unit 42 said in a Thursday report.
OpenLiteSpeed, the open source edition of LiteSpeed Web Server, is the sixth most popular web server, accounting for 1.9 million unique servers across the world.
The first of the three is a directory traversal flaw (CVE-2022-0072, CVSS score: 5.8), which could be exploited to access otherwise forbidden files in the web root directory.
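The directory traversal class mentioned above, as an added example that is not part of the Unit 42 report or the LiteSpeed code base: a request-path resolver that percent-decodes once, normalises the path against an assumed document root, checks that the result is still inside that root, and only then applies a deny list of names that must not be served. The document root, the deny list and the sample request paths are constructed for this example; the `naive_is_allowed` function is included only as the weak form (checking the raw, undecoded path) that the hardened `resolve_safely` replaces.

```python
import posixpath
from urllib.parse import unquote

# Constructed values for this example: an assumed document root and a
# deny list of names that must never be served even though they live
# inside the web root.
WEB_ROOT = "/var/www/html"
FORBIDDEN_NAMES = {".htaccess", ".htpasswd", ".git", ".env"}


def naive_is_allowed(request_path):
    """Weak form: a deny-list check on the raw request path, applied
    before any decoding or normalisation. Shown only for contrast."""
    return not any(part in FORBIDDEN_NAMES for part in request_path.split("/"))


def resolve_safely(request_path, web_root=WEB_ROOT, forbidden=FORBIDDEN_NAMES):
    """Return the absolute filesystem path to serve for request_path, or
    None if the request must be refused. The order is the point:
    decode, normalise, check containment, then apply the deny list."""
    # 1. Percent-decode exactly once, then reject embedded NUL bytes,
    #    which C-level file APIs would treat as the end of the path.
    decoded = unquote(request_path)
    if "\x00" in decoded:
        return None

    # 2. Join the decoded path onto the document root and collapse any
    #    '.' and '..' segments so the real target becomes visible.
    root = posixpath.normpath(web_root)
    target = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))

    # 3. Containment: the normalised target must be the root itself or
    #    sit strictly below it ("/var/www/html/" prefix, not "/var/www/htmlx").
    if target != root and not target.startswith(root + "/"):
        return None

    # 4. Deny list, applied to the normalised components rather than to
    #    whatever spelling the client used in the request line.
    relative = target[len(root):].lstrip("/")
    if any(part in forbidden for part in relative.split("/") if part):
        return None
    return target
```

The two checks are deliberately separate: containment stops requests that climb out of the web root, while the deny list handles files that are legitimately inside the root but must not be readable over HTTP. Running the deny list on the raw request string, as `naive_is_allowed` does, lets an encoded spelling such as `/.ht%61ccess` pass even though it resolves to the same file.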