The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.
Advisories
Source ID Title
EUVD EUVD EUVD-2018-11470 The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T11:44:20.490Z

Reserved: 2018-12-03T00:00:00

Link: CVE-2018-19791

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-03T06:29:00.400

Modified: 2024-11-21T03:58:33.977

Link: CVE-2018-19791

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.