LiteSpeed Web Server Source Code Information Disclosure
Medium Nessus Plugin ID 48246
SynopsisThe remote web server is affected by a source code disclosure vulnerability.
DescriptionThe installed version of the LiteSpeed web server software on the remote host returns the source of scripts hosted on it when a NULL byte and '.txt' is appended to the request URL.
A remote attacker may be able to leverage this issue to view a file on the web server's source code and possibly obtain passwords and other sensitive information from this host.
SolutionUpgrade to LiteSpeed version 4.0.15 or later.