CVE-2023-40518

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 14, 2023
Updated: Aug 22, 2023

Summary

CVE-2023-40518 refers to a vulnerability in LiteSpeed OpenLiteSpeed versions prior to 1.7.18. This issue allows an attacker to send malformed HTTP request headers that are not properly validated by the server. As a result, an unintended response or unauthorized functionality could be triggered, potentially leading to server instability or even remote code execution. This vulnerability could be exploited via web traffic, posing a significant security risk to organizations using the affected software. Administrators are urged to upgrade to the latest version of LiteSpeed OpenLiteSpeed to mitigate this threat.
