Unrated severityOSV Advisory· Published Dec 3, 2018· Updated Aug 5, 2024
CVE-2018-19791
CVE-2018-19791
Description
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v1.0.4, v1.3, v1.3.2, …+ 1 more
- (no CPE)range: v1.0.4, v1.3, v1.3.2, …
- (no CPE)range: < 1.5.0 RC6
Patches
Vulnerability mechanics
References
1- github.com/litespeedtech/openlitespeed/issues/117mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.