Main
Vulnerability Database
Exploits
ID:1406 - Exploit for Poison null byte in OpenLiteSpeed - CVE-2010-2333
ID:1406 - Exploit for Poison null byte in OpenLiteSpeed - CVE-2010-2333
Published: March 18, 2020
Vulnerability identifier: #VU12158
Vulnerability risk: Low
CVE-ID: CVE-2010-2333
CWE-ID: CWE-626
Exploitation vector: Remote access
Vulnerable software:
OpenLiteSpeed
OpenLiteSpeed
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to poison null byte. A remote attacker can read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
The weakness exists due to poison null byte. A remote attacker can read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
Remediation
Update to version 4.0.15.