Announcement Announcement Module
Collapse
No announcement yet.
Litespeed Web Server fix for ShellShock Vulnerability Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Litespeed Web Server fix for ShellShock Vulnerability


    In LSWS 4.2.16, if a request contains the environment variable string () { LSWS automatically ignores that environment value. Without this environment variable, the attacker has no vector. This means, if you use LiteSpeed Web Server, attackers cannot use HTTP requests to exploit the Shellshock vulnerability.

    All web servers (LSWS, Apache, NGINX, etc...), as long as Bash is vulnerable, will have CGI scripts vulnerable to this Bash bug. As the current Bash patches are incomplete, we felt it important to take the extra steps to prevent attacks from coming in.


    Overall Security

    Just because LSWS is immune does not mean your server is completely protected. You should still continue to update Bash. Patched versions of Bash have been released that partially fix the vulnerability.


    LSWS version 4.2.16 fully protects your server from Shellshock attacks through the web server. To upgrade the litespeed version, please run the below command and this will upgrade the litespeed to 4.2.16

    Code:
    /usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.16




Working...
X