The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.

Source: CVE-2018-19791

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.