The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2018-11470 | The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
Link | Providers |
---|---|
https://github.com/litespeedtech/openlitespeed/issues/117 |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T11:44:20.490Z
Reserved: 2018-12-03T00:00:00
Link: CVE-2018-19791

No data.

Status : Modified
Published: 2018-12-03T06:29:00.400
Modified: 2024-11-21T03:58:33.977
Link: CVE-2018-19791

No data.

No data.