Security Advisory

CVE-2018-19791

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-12-03 06:00:00

Last updated 2024-08-05 11:44:20

Assigner mitre

State PUBLISHED

Description

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.

← Browse all CVEs View on cve.org ↗