Intrusion Prevention

LiteSpeed.Web.Server.NullByte.Information.Disclosure

Description

This indicates an attempt to exploit an information disclosure vulnerability in LiteSpeed Web Server.
The vulnerability is caused by an error that occurs when the software handles a malicious HTTP request. It allows a remote attacker to read web application source code by sending a crafted request containing "%00.".

Affected Products

Lite Speed Technologies LiteSpeed Web Server 3.2.3

Impact

Information Disclosure.

Recommended Actions

Upgrade to the latest version, available from the web site.
http://litespeedtech.com/

CVE References

CVE-2007-5654