{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-0072", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "requesterUserId": "4bdfcd35-6352-4419-9b3e-118da80d0642", "dateReserved": "2021-12-28T23:57:03.295Z", "datePublished": "2022-10-27T19:28:49.031Z", "dateUpdated": "2025-05-09T19:18:17.065Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenLiteSpeed Web Server", "repo": "https://github.com/litespeedtech/openlitespeed", "vendor": "LiteSpeed Technologies", "versions": [{"lessThanOrEqual": "1.5.12", "status": "affected", "version": "1.5.11", "versionType": "custom"}, {"lessThanOrEqual": "1.6.20.1", "status": "affected", "version": "1.6.5", "versionType": "custom"}, {"lessThan": "1.7.16.1", "status": "affected", "version": "1.7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "LiteSpeed Web Server", "vendor": "LiteSpeed Technologies", "versions": [{"lessThanOrEqual": "1.5.12", "status": "affected", "version": "1.5.11", "versionType": "custom"}, {"lessThanOrEqual": "1.6.20.1", "status": "affected", "version": "1.6.5", "versionType": "custom"}, {"lessThan": "1.7.16.1", "status": "affected", "version": "1.7.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1"}], "value": "Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and\u00a0LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2022-11-04T20:49:55.443Z"}, "references": [{"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061"}, {"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061"}], "source": {"discovery": "EXTERNAL"}, "title": "Directory Traversal in OpenLiteSpeed Web Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.599Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061", "tags": ["x_transferred"]}, {"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-09T19:18:00.655604Z", "id": "CVE-2022-0072", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T19:18:17.065Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061", "tags": ["x_transferred"]}, {"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.599Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-0072", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-09T19:18:00.655604Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T19:18:10.455Z"}}], "cna": {"title": "Directory Traversal in OpenLiteSpeed Web Server", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/litespeedtech/openlitespeed", "vendor": "LiteSpeed Technologies", "product": "OpenLiteSpeed Web Server", "versions": [{"status": "affected", "version": "1.5.11", "versionType": "custom", "lessThanOrEqual": "1.5.12"}, {"status": "affected", "version": "1.6.5", "versionType": "custom", "lessThanOrEqual": "1.6.20.1"}, {"status": "affected", "version": "1.7.0", "lessThan": "1.7.16.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "LiteSpeed Technologies", "product": "LiteSpeed Web Server", "versions": [{"status": "affected", "version": "1.5.11", "versionType": "custom", "lessThanOrEqual": "1.5.12"}, {"status": "affected", "version": "1.6.5", "versionType": "custom", "lessThanOrEqual": "1.6.20.1"}, {"status": "affected", "version": "1.7.0", "lessThan": "1.7.16.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061"}, {"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and\u00a0LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1", "supportingMedia": [{"type": "text/html", "value": "Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2022-11-04T20:49:55.443Z"}}}, "cveMetadata": {"cveId": "CVE-2022-0072", "state": "PUBLISHED", "dateUpdated": "2025-05-09T19:18:17.065Z", "dateReserved": "2021-12-28T23:57:03.295Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2022-10-27T19:28:49.031Z", "requesterUserId": "4bdfcd35-6352-4419-9b3e-118da80d0642", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FD4E9B6-0BFE-44D2-83AA-1EFBDC0BC2AB", "versionEndIncluding": "1.6.20.1", "versionStartIncluding": "1.6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*", "matchCriteriaId": "96987D69-D7A7-4ACD-81B9-339C096AD9D8", "versionEndExcluding": "1.7.16.1", "versionStartIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "093A8797-4DA4-4B8A-B9FE-1D7CD11225AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "75720FC7-7158-4301-A055-E292CEDFF4DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and\u00a0LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1"}, {"lang": "es", "value": "Vulnerabilidad de Directory Traversal en LiteSeep Technologies OpenLiteSpeed ??Web Server y LiteSpeed ??Web Server permite Path Traversal. Esto afecta a las versiones desde la 1.5.11 hasta la 1.5.12, desde la 1.6.5 hasta la 1.6.20.1, desde la 1.7.0 anterior a la 1.7.16.1."}], "id": "CVE-2022-0072", "lastModified": "2024-11-21T06:37:51.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-27T20:15:12.417", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061"}, {"source": "psirt@paloaltonetworks.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}