CVE-2018-19791 - OpenCVE

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Litespeedtech	Openlitespeed

Configuration 1 [-]

OR	cpe:2.3:a:litespeedtech:openlitespeed::::::::
	cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:-::::::
	cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc1::::::
	cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc2::::::
	cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc3::::::
	cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc4::::::
	cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc5::::::

No data.

References

Link	Providers
https://github.com/litespeedtech/openlitespeed/issues/117

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-03T06:00:00

Updated: 2024-08-05T11:44:20.490Z

Reserved: 2018-12-03T00:00:00

Link: CVE-2018-19791

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-12-03T06:29:00.400

Modified: 2019-02-05T16:10:55.603

Link: CVE-2018-19791

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-03T00:00:00", "descriptions": [{"lang": "en", "value": "The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the \"bytes=0-,0-\" substring."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-03T06:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/litespeedtech/openlitespeed/issues/117"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19791", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the \"bytes=0-,0-\" substring."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/litespeedtech/openlitespeed/issues/117", "refsource": "MISC", "url": "https://github.com/litespeedtech/openlitespeed/issues/117"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:44:20.490Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/litespeedtech/openlitespeed/issues/117"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19791", "datePublished": "2018-12-03T06:00:00", "dateReserved": "2018-12-03T00:00:00", "dateUpdated": "2024-08-05T11:44:20.490Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*", "matchCriteriaId": "516D6E56-E2B0-448E-BEBF-1007DD2F9F96", "versionEndExcluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "0D166A0A-E47E-4CB9-9802-9E0DF0295523", "vulnerable": true}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "4F83049D-873B-4597-95AB-A2EB527D3038", "vulnerable": true}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "91824E53-FCC7-4DCD-A4EE-FA9A08415842", "vulnerable": true}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AB251670-E1F5-43F7-9932-3EC7515CEF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "EB7D62CF-192B-479E-AADB-48B4705EA092", "vulnerable": true}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "69DA7BFE-EB1A-42D1-AC45-A39045BB5A60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the \"bytes=0-,0-\" substring."}, {"lang": "es", "value": "El servidor en LiteSpeed OpenLiteSpeed en versiones anteriores a la 1.5.0 RC6 no manipula correctamente las peticiones para secuencias de bytes, permitiendo a un atacante que ampl\u00ede el tama\u00f1o de la respuesta al solicitar el cuerpo completo de la respuesta de manera repetida, tal y como queda demostrado con con un valor de cabecera HTTP Range que empieza por la subcadena \"bytes=0-,0-\"."}], "id": "CVE-2018-19791", "lastModified": "2019-02-05T16:10:55.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-03T06:29:00.400", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/litespeedtech/openlitespeed/issues/117"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}