{"id":458247,"date":"2022-11-11T10:51:40","date_gmt":"2022-11-11T12:51:40","guid":{"rendered":"https:\/\/teknomers.com\/fr\/plusieurs-failles-de-gravite-elevee-affectent-le-logiciel-de-serveur-web-openlitespeed-largement-utilise\/"},"modified":"2022-11-11T10:51:41","modified_gmt":"2022-11-11T12:51:41","slug":"plusieurs-failles-de-gravite-elevee-affectent-le-logiciel-de-serveur-web-openlitespeed-largement-utilise","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/plusieurs-failles-de-gravite-elevee-affectent-le-logiciel-de-serveur-web-openlitespeed-largement-utilise\/","title":{"rendered":"Plusieurs failles de gravit\u00e9 \u00e9lev\u00e9e affectent le logiciel de serveur Web OpenLiteSpeed \u200b\u200blargement utilis\u00e9"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Plusieurs failles de haute gravit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans le serveur Web open source OpenLiteSpeed \u200b\u200bainsi que dans sa variante d&#8217;entreprise qui pourrait \u00eatre militaris\u00e9e pour r\u00e9aliser l&#8217;ex\u00e9cution de code \u00e0 distance.<\/p>\n<p>&#8220;En encha\u00eenant et en exploitant les vuln\u00e9rabilit\u00e9s, les adversaires pourraient compromettre le serveur Web et obtenir une ex\u00e9cution de code \u00e0 distance enti\u00e8rement privil\u00e9gi\u00e9e&#8221;, Palo Alto Networks Unit 42 <a rel=\"nofollow noopener\" href=\"https:\/\/unit42.paloaltonetworks.com\/openlitespeed-vulnerabilities\/\" target=\"_blank\">a dit<\/a> dans un rapport jeudi.<\/p>\n<p><a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/litespeedtech\/openlitespeed\" target=\"_blank\">OpenLiteSpeed<\/a>l&#8217;\u00e9dition open source de LiteSpeed \u200b\u200bWeb Server, est le sixi\u00e8me serveur Web le plus populaire, repr\u00e9sentant 1,9 million de serveurs uniques \u00e0 travers le monde.<\/p>\n<p>La premi\u00e8re des trois failles est une faille de travers\u00e9e de r\u00e9pertoire (<a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/advisories\/GHSA-f532-g5cf-vhjp\" target=\"_blank\">CVE-2022-0072<\/a>score CVSS : 5,8), qui pourrait \u00eatre exploit\u00e9e pour acc\u00e9der \u00e0 des fichiers interdits dans le r\u00e9pertoire racine du web.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"Serveur Web OpenLiteSpeed\" border=\"0\" data-original-height=\"611\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/11\/1668171099_199_Plusieurs-failles-de-gravite-elevee-affectent-le-logiciel-de-serveur.jpg\" title=\"Serveur Web OpenLiteSpeed\" \/><\/div>\n<p>Les deux vuln\u00e9rabilit\u00e9s restantes (<a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/advisories\/GHSA-p42f-x6hp-xv84\" target=\"_blank\">CVE-2022-0073<\/a> et <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/advisories\/GHSA-p85c-c374-mg9g\" target=\"_blank\">CVE-2022-0074<\/a>scores CVSS\u00a0: 8,8) concernent un cas d&#8217;\u00e9l\u00e9vation de privil\u00e8ges et d&#8217;injection de commandes, respectivement, qui pourraient \u00eatre cha\u00een\u00e9s pour obtenir une ex\u00e9cution de code privil\u00e9gi\u00e9e.<\/p>\n<div class=\"ad_two clear\"><img decoding=\"async\" class=\"lazyload\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/11\/Le-service-de-phishing-de-Robin-Banks-pour-les-cybercriminels.gif\" style=\"float:left\" \/><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>&#8220;Un acteur malveillant qui a r\u00e9ussi \u00e0 obtenir les informations d&#8217;identification du tableau de bord, que ce soit par des attaques par force brute ou par ing\u00e9nierie sociale, pourrait exploiter la vuln\u00e9rabilit\u00e9 afin d&#8217;ex\u00e9cuter du code sur le serveur&#8221;, ont d\u00e9clar\u00e9 les chercheurs de l&#8217;unit\u00e9 42 Artur Avetisyan, Aviv Sasson, Ariel Zelivansky, et Nathaniel Quist a d\u00e9clar\u00e9 \u00e0 propos de CVE-2022-0073.<\/p>\n<p>Plusieurs versions d&#8217;OpenLiteSpeed \u200b\u200b(de 1.5.11 \u00e0 1.7.16) et de LiteSpeed \u200b\u200b(de 5.4.6 \u00e0 6.0.11) sont affect\u00e9es par les probl\u00e8mes, qui ont \u00e9t\u00e9 r\u00e9solus dans les versions <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/litespeedtech\/openlitespeed\/releases\" target=\"_blank\">1.7.16.1<\/a> et <a rel=\"nofollow noopener\" href=\"https:\/\/store.litespeedtech.com\/store\/index.php?rp=\/announcements\/451\" target=\"_blank\">6.0.12<\/a> suite \u00e0 la divulgation responsable du 4 octobre 2022.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/11\/multiple-high-severity-flaw-affect.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plusieurs failles de haute gravit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans le serveur Web open source OpenLiteSpeed \u200b\u200bainsi que dans sa variante d&#8217;entreprise qui pourrait \u00eatre militaris\u00e9e pour r\u00e9aliser l&#8217;ex\u00e9cution de code \u00e0 distance. &#8220;En encha\u00eenant et en exploitant les vuln\u00e9rabilit\u00e9s, les adversaires pourraient compromettre le serveur Web et obtenir une ex\u00e9cution de code \u00e0 distance enti\u00e8rement [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":458248,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[14886,4168,4158,4165,4161,1053,4806,11128,4157,4159,4171,4170,2744,6816,4167,4160,4163,4162,123654,701,4172,4169,32855,1282,4166,4164,2784],"class_list":["post-458247","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-affectent","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-elevee","tag-failles","tag-gravite","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-largement","tag-logiciel","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-openlitespeed","tag-plusieurs","tag-securite-informatique","tag-securite-internet","tag-serveur","tag-utilise","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-web"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/458247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=458247"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/458247\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/458248"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=458247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=458247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=458247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}