📦

litespeed_web_server

Vendor: litespeedtech

Actively Exploited 0 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 0 Remote Access

Total CVEs 7 Total Indexed

Avg. EPSS 20.85% Exploit Prob.

Latest CVE CVE-2025-54939 Aug 01

Security Vulnerability Index

Page 1 / 1

5.3 CVSS

CVE-2025-54939

LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.

EPSS: 0.55%

Severity: MEDIUM

Aug 01, 2025

4.3 CVSS

CVE-2012-4871

Exploit Found

Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.

EPSS: 5.45%

Severity: MEDIUM

Sep 06, 2012

5.0 CVSS

CVE-2010-2333

Exploit Found

LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.

EPSS: 76.49%

Severity: MEDIUM

Jun 18, 2010

5.0 CVSS

CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

EPSS: 0.92%

Severity: MEDIUM

Nov 23, 2004

Displaying 4 of 7 Total Entries

Total 1 Sections