What is CVE-2010-2333?

CVE-2010-2333 is a vulnerability in Litespeedtech Litespeed_web_server, classified under Information Disclosure. Published 2010-06-18.

Is CVE-2010-2333 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Litespeedtech Litespeed_web_server

CVE-2010-2333

LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.

Vulnerability class: Information Disclosure

EPSS: 0.765 (99.0th percentile) — read the EPSS interpretation.

Affected products

Litespeedtech Litespeed_web_server — versions 4.0.9, 4.0.2, 4.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

13850 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
65476 (x_refsource_OSVDB, vdb-entry)
40128 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (x_refsource_MISC)
20100613 Litespeed Technologies Web Server Remote Poison null byte Zero-Day (mailing-list, Exploit, x_refsource_FULLDISC)
40815 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2010-2333?: CVE-2010-2333 is a vulnerability in Litespeedtech Litespeed_web_server, classified under Information Disclosure. Published 2010-06-18.
Is CVE-2010-2333 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.