mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-12 02:04:49 +00:00
138 lines
4.3 KiB
JSON
138 lines
4.3 KiB
JSON
{
|
|
"id": "CVE-2022-0072",
|
|
"sourceIdentifier": "psirt@paloaltonetworks.com",
|
|
"published": "2022-10-27T20:15:12.417",
|
|
"lastModified": "2023-11-07T03:40:56.473",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and\u00a0LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de Directory Traversal en LiteSeep Technologies OpenLiteSpeed ??Web Server y LiteSpeed ??Web Server permite Path Traversal. Esto afecta a las versiones desde la 1.5.11 hasta la 1.5.12, desde la 1.6.5 hasta la 1.6.20.1, desde la 1.7.0 anterior a la 1.7.16.1."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.8,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
},
|
|
{
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.8,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "1.6.5",
|
|
"versionEndIncluding": "1.6.20.1",
|
|
"matchCriteriaId": "0FD4E9B6-0BFE-44D2-83AA-1EFBDC0BC2AB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "1.7.0",
|
|
"versionEndExcluding": "1.7.16.1",
|
|
"matchCriteriaId": "96987D69-D7A7-4ACD-81B9-339C096AD9D8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "093A8797-4DA4-4B8A-B9FE-1D7CD11225AE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:litespeedtech:openlitespeed:1.5.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "75720FC7-7158-4301-A055-E292CEDFF4DB"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16.1/src/main/httpserver.cpp#L2060-L2061",
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://github.com/litespeedtech/openlitespeed/blob/v1.7.16/src/main/httpserver.cpp#L2060-L2061",
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |