Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
OpenLiteSpeed Number Of NVD 3 CRITICAL 0 HIGH 0 MEDIUM 3 LOW 0
URL https://openlitespeed.org/
Explanation Apache、IIS、NGINXに次いで多く使われているWebアプリケーションサーバーです。
商業的にはhttps://www.litespeedtech.com/、オープンソースとしてはOpenLiteSpeedがサポートされています。

Apache Web Serverとの互換性があり、同じ設定ファイルを使用しています。
Tag
  • オープンソース
Add Information URL
No Type Name URL
1 https://www.litespeedtech.com/products/litespeed-web-server/release-log
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
1 LiteSpeed Web Server 6.3 6.3.4 Aug. 1, 2025 June 26, 2024 0 0 0 0
2 LiteSpeed Web Server 6.2 6.2.2 (Stable) April 3, 2024 Dec. 6, 2023 0 0 0 0
3 LiteSpeed Web Server 6.1 6.1.2 (Stable) May 24, 2023 0 0 0 0
4 LiteSpeed Web Server 6.0 6.0.12 May 12, 2022 0 0 0 0
5 LiteSpeed Web Server 5.4 5.4.12 July 22, 2021 0 0 0 0
6 LiteSpeed Web Server 5.3 5.3.8 May 21, 2019 0 0 0 0
7 LiteSpeed Web Server 4.1 4.1.11 0 0 1 0
8 LiteSpeed Web Server 4.0 4.0.14 0 0 1 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
1 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gti… CWE-79
Cross-site Scripting 		CVE-2012-4871 cpe:2.3:a:litespeedtech:litespeed_web_server:4.1.11:* 2024-11-21 10:43
2012-09-7 		Show GitHub Exploit DB Packet Storm
2 -
5.0 		MEDIUM LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. CWE-200
Information Exposure 		CVE-2010-2333 cpe:2.3:a:litespeedtech:litespeed_web_server:4.0:*
cpe:2.3:a:litespeedtech:litespeed_web_server:4.0.9:*
cpe:2.3:a… 		2024-11-21 10:16
2010-06-19 		Show GitHub Exploit DB Packet Storm
3 -
5.0 		MEDIUM The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote at… CWE-125
Out-of-bounds Read 		CVE-2004-0112 cpe:2.3:a:litespeedtech:litespeed_web_server:1.0.1:* 2024-02-16 05:54
2004-11-23 		Show GitHub Exploit DB Packet Storm