VYPR
Unrated severityOSV Advisory· Published Dec 3, 2018· Updated Aug 5, 2024

CVE-2018-19791

CVE-2018-19791

Description

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • v1.0.4, v1.3, v1.3.2, …+ 1 more
    • (no CPE)range: v1.0.4, v1.3, v1.3.2, …
    • (no CPE)range: < 1.5.0 RC6

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.