CVE-2023-40518
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-40518
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-40518.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-40518
- Published
- 2023-08-14T22:15:14.327Z
- Modified
- 2025-11-15T06:48:21.337686Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
- References
Affected packages
Git / github.com/litespeedtech/openlitespeed
Affected ranges
- Type
- GIT
- Repo
- https://github.com/litespeedtech/openlitespeed
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v.*
v.1.7.11
v.1.7.11.1
v1.*
v1.0.4
v1.3
v1.3.2
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.18.1
v1.4.19
v1.4.2
v1.4.20
v1.4.21
v1.4.22
v1.4.23
v1.4.24
v1.4.25
v1.4.26
v1.4.27
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.5.0
v1.5.0rc6
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.7.0
v1.7.1
v1.7.10
v1.7.10.1
v1.7.10.2
v1.7.12
v1.7.12.1
v1.7.13
v1.7.13.1
v1.7.13.2
v1.7.14
v1.7.15
v1.7.15.2
v1.7.16
v1.7.16.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.7.9.1
v1.7.9.2