Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover

LiteSpeed Web Server vulnerabilities discovered by researchers at Palo Alto Networks can be exploited to take complete control of a targeted server.

LiteSpeed Web Server vulnerabilities discovered by researchers at Palo Alto Networks can be exploited to take complete control of a targeted server.

The security holes were discovered during an audit of OpenLiteSpeed, the open source version of the LiteSpeed performance-focused web server made by LiteSpeed Technologies. Both versions are impacted by the vulnerabilities and they have been patched with the release of OpenLiteSpeed 1.7.16.1 and LiteSpeed 6.0.12.

LiteSpeed is a popular web server and an analysis by Palo Alto Networks showed that it has a 2% market share — others say that it has a much bigger market share — and that it is used by 1.9 million internet-facing instances.

The vulnerabilities discovered by the security firm’s researchers can be exploited to compromise the targeted web server and execute arbitrary code with elevated privileges.

However, the flaws cannot be exploited without authentication. The attacker must first use a brute-force attack or social engineering to obtain valid credentials to the web server’s dashboard.

The first vulnerability, rated ‘high severity’ and tracked as CVE-2022-0073, is related to a field that allows users to specify a command to be executed when the server starts.

“This functionality is considered dangerous and therefore mitigations for abusing it were implemented. We managed to bypass the mitigations and abuse this functionality to download and execute a malicious file on the server with the privileges of the user nobody, which is an unprivileged user that traditionally exists in Linux machines,” Palo Alto Networks explained.

Advertisement. Scroll to continue reading.

The second vulnerability, also rated ‘high severity’ and tracked as CVE-2022-0074, can be leveraged by an attacker who has exploited the previous flaw to escalate privileges from ‘nobody’ to ‘root’.

The third issue, CVE-2022-0072, is a directory traversal bug that can be exploited to bypass security measures and access forbidden files.

“An attacker that compromised the server could create a secret backdoor and exploit the vulnerability to access it,” the security firm said.

Patches were released roughly two weeks after Palo Alto Networks reported its findings to LiteSpeed developers.

Related: CWP Flaws That Expose Servers to Remote Attacks Possibly Exploited in the Wild

Related: New ‘Enemybot’ DDoS Botnet Targets Routers, Web Servers

Related: Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.