Skip to main content

Report of "HTTP/1.1 Request Smuggling" vulnerability.

Comments

1 comment

  • rbairwell

    A quick search for "Request Smuggling Litespeed" on DuckDuckGo shows that this is a reported issue with OpenLiteSpeed:  https://github.com/litespeedtech/openlitespeed/issues/394 (and issue 395 and 392).

    Looking at the Litespeed changelog, this should have been fixed in the commercial product in version v6.1.2 build 2 and OpenLitespeed v1.7.17 (both June 2023) - so it looks like either a regression in the code has caused the problem to reoccur or it is a slightly different issue.

    It looks like there is no Litespeed fix available currently available - but hopefully LS will release an update soon.

    0

Please sign in to leave a comment.