MA-236.062010: MyCERT Alert – Critical Vulnerability in LiteSpeed Web Server

Date of publication: 2010-06-14

1.0 Introduction

A critical vulnerability has been identified in the LiteSpeed Web Server. If successfully exploited, the vulnerability could potentially cause source code and sensitive information disclosure. It occurs because LiteSpeed Web Server fails to adequately sanitize user-supplied input. MyCERT is aware that an exploit is available on the Internet at the time of publication of this advisory.

2.0 Impact

An attacker can gather sensitive information (database connection strings, application logic) by analyzing the disclosed source code. This information can be used to conduct further attacks.

3.0 Affected Products

The detailed list of vulnerable products and versions is as below:

- LiteSpeed Web Server 4.0.14 and earlier versions
4.0 Recommendations

MyCERT recommends that system administrators of this application upgrade to version 4.0.15. The update can be obtained via this URL:

http://www.litespeedtech.com/litespeed-web-server-downloads.html

If you are unable to upgrade at this moment, please add the following mod_security 'Request Filter' rule to block the exploit:

    Name            : NULLBYTE
    Action          : deny,log
    Enabled         : yes
    Rule Definition : SecRule REQUEST_URI "\x00"

If you do not have mod_security installed, please add the following .htaccess rule to block the exploit:

    RedirectMatch 403 (.*)\x00\.txt
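As an added illustration (not part of the MyCERT advisory), the following Python script applies the same null-byte test the mod_security rule above expresses to web-server access-log lines, so an administrator can review requests that reached a server before the rule or the upgrade was in place. The log lines are constructed samples and the function names are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jun/2010:10:01:02 +0800] "GET /index.php HTTP/1.1" 200 512
203.0.113.5 - - [14/Jun/2010:10:01:03 +0800] "GET /config.php%00.txt HTTP/1.1" 200 2048
203.0.113.5 - - [14/Jun/2010:10:01:04 +0800] "GET /static/readme.txt HTTP/1.1" 200 300
"""

# Request line inside the quoted part of a CLF entry: method, URI, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>HTTP/[0-9.]+)"')


def null_byte_in_uri(uri: str) -> bool:
    """Same test as the advisory's NULLBYTE mod_security rule, applied to a logged URI.

    Servers usually log the URI percent-encoded, so the check is run on the
    raw string and on its once-decoded form; either form containing a NUL
    counts as a hit.
    """
    return "\x00" in uri or "\x00" in unquote(uri)


def flag_requests(log_text: str) -> list:
    """Return one record per log line whose request URI contains a null byte."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed or truncated line; nothing to inspect
        uri = m.group("uri")
        if not null_byte_in_uri(uri):
            continue
        decoded = unquote(uri)
        # Split at the NUL: what precedes it is the file actually requested,
        # what follows is the suffix the .htaccess rule keys on (e.g. ".txt").
        requested, suffix = decoded.split("\x00", 1)
        hits.append({"uri": uri, "requested": requested, "suffix": suffix})
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(f"null byte in URI {hit['uri']!r}: target {hit['requested']!r}, suffix {hit['suffix']!r}")
```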
MyCERT advises users of this product to keep themselves updated with the latest security announcements by the vendor.

MyCERT can be reached through the following channels for further assistance:

E-mail         : mycert@mycert.org.my
Phone          : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax            : +603 89453442
Handphone      : +60 19 2665850 (24x7 call incident reporting)
SMS            : CYBER999 REPORT <EMAIL><COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web            : http://www.mycert.org.my

5.0 References