This popular open-source web server has some severe security defects


OpenLiteSpeed Web Server, an internationally popular open-source web server, was carrying a number of high-severity vulnerabilities, experts have warned.

Threat actors who managed to exploit these flaws would have gained full-privilege remote code execution capabilities, noted researchers from Unit 42, Palo Alto Networks' cybersecurity research arm.

The team found that OpenLiteSpeed Web Server carried three high-severity vulnerabilities, namely CVE-2022-0073 (severity score 8.8, a high-severity remote code execution flaw), CVE-2022-0074 (8.8, a high-severity privilege escalation flaw), and CVE-2022-0072 (5.8, a medium-severity directory traversal flaw). The vulnerabilities also affected the enterprise version, LiteSpeed Web Server.

Patch prepared

Unit 42 notified LiteSpeed Technologies of its findings, and the company has, in turn, patched the flaws and released new versions of the server, urging users to update their software immediately.

Organizations using OpenLiteSpeed versions 1.5.11 – 1.7.16, as well as LiteSpeed versions 5.4.6 – 6.0.11, are urged to bring their endpoints up to 1.7.161 and 6.0.12 as soon as possible.

According to Unit 42, the LiteSpeed Web Server is the 6th most popular web server offering around, serving approximately 2% of all web server applications, with nearly 1.9 million unique servers all over the world.

“We attempted to mimic the actions of an enemy and taken part in research study with the intent of discovering vulnerabilities and revealing them to the supplier,” the researchers explained in an article.

“This research study has actually led to discovering 3 vulnerabilities that impact both the business and open source options. These might be chained and made use of by a foe who has the qualifications for the admin control panel, in order to acquire fortunate code execution on susceptible elements.”

Web servers have come a long way in terms of security and defenses, Unit 42 concludes, adding that despite the optimistic outlook, vulnerabilities are still being found due to the rapid pace of technological development.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
