![]() ![]() This vulnerability has already been patched on Shared Hosting web servers. If you have any questions or need assistance with upgrading your Litespeed web server installation(s), please contact support. From the top of the page, click on the Download/Upgrade link for version 4.0.15. Start by identifying the technologies used by the web server. If you are using a recent version of Litespeed web server, the easiest method to upgrade is to access your Litespeed admin console, then click on Actions > Version Manager. The release log for the new version can be found here: LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null. Can be used to scan any web server (Apache, Nginx, Lighttpd, Litespeed, etc.) Scans against 6,700+ known vulnerabilities and version checks for 1,250+ web. The full details of the disclosure can be found here: This vulnerability has been publicly disclosed so it is urgent that any Litespeed web server installation older than 4.0.15 be updated as soon as possible. This could allow information disclosure of PHP configuration variables, such as database user information. On the other hand, you can also do it by using LiteSpeed server control panel. To disable directory listing at the server level, you can manually update the httpdconfig.xml file. ea-apache24-mod-passenger Install this package if your system runs Ubuntu. Install one of the following packages: ea-ruby27-modpassenger Install this package if you use a Red-Hat®-based system. ![]() Posted by Kevin Stange on 14 June 2010 01:17 PMĪ serious vulnerability has been discovered in LiteSpeed web server which can allow a remote user to fetch the source code of a script file located on a VirtualHost. LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a '00. Similar to all other web servers weve covered so far, on the LiteSpeed web server you can disable directory listing at both web server and website level. To install NGINX on your server, you must meet the following requirements: Run EasyApache 4. ![]()
0 Comments
Leave a Reply. |