Comments (17)
Seems like it would be good to set up:
from openlitespeed.
You can send email to bug litespeedtech com .
from openlitespeed.
We have sent a mail with the complete PoC attached @litespeedtech
from openlitespeed.
We haven't received any replies on mail yet @litespeedtech
from openlitespeed.
We replied to the email through our ticket system on Friday 8th March; please check your email spam folder.
Please try the latest 1.8.0 debug build to see if the vulnerability has been fixed or not.
/usr/local/lsws/admin/misc/lsup.sh -b -e 1.8.0
from openlitespeed.
Can you confirm? I can't find it as a reply to my mail, and it's not in the spam either.
from openlitespeed.
We have replied to your Ticket mail.
from openlitespeed.
The bug still exists in the current release. Please check our reply to your mail ticket bug[@]litespeedtech[.]com
Ticket ID: 293496 @litespeedtech
from openlitespeed.
Thanks. We will have it fixed in a different way then.
from openlitespeed.
The current fix seems to solve the issue; please assign a CVE to credit the researchers from the first report we sent.
from openlitespeed.
I think this bug is already patched; any update regarding the CVE? @litespeedtech
from openlitespeed.
Curious to hear what this issue is. I wonder if it overlaps with any of the request smuggling issues I noticed a few months ago that have remained unfixed. See the README here for a list of these issues: https://github.com/narfindustries/http-garden
Send me mail (address at bottom of page on my website) if you know the answer to this.
from openlitespeed.