During this period we monitored the changes and ensured they were not affecting anything else. On October 8th, we internally remediated these bugs and put them into testing. LiteSpeed’s Team acted swiftly and informed Unit 42 that the issues were under remediation. We would like to thank the Unit 42 Team at Palo Alto Networks for responsibly disclosing security issues in our OpenLiteSpeed and LiteSpeed Enterprise web servers on October 4th, and maintaining good communication throughout. Future security updates will be released with incremented version numbers, and will no longer be released as new builds of existing version numbers.
#LITESPEED WEB SERVER EXPLOIT 2019 UPGRADE#
You should upgrade to the latest version and build of OpenLiteSpeed or LiteSpeed Enterprise, as appropriate.One is within the Docker system, and the other two cannot be exploited without WebAdmin access. These vulnerabilities don’t impact the majority of our clients.These were fixed in OpenLiteSpeed v1.7.16 Build 1 and LiteSpeed Enterprise v6.0.12 Build 10.
Three vulnerabilities were reported to LiteSpeed.Today, as a part of that commitment, we want to share details of certain bugs reported in OpenLiteSpeed (OLS) and LiteSpeed Enterprise (LSWS) web servers. Our priority is to empower our customers to better protect their systems, but we also take such situations as learning opportunities. So when a vulnerability is discovered, we act quickly.
Security has always been at the forefront of our development process at LiteSpeed Technologies.
0 kommentar(er)
