Archive for the ‘Anti-Hacking’ Category

The HTTPoxy Vulnerability has been taken care of by LiteSpeed, automatically!

Monday, July 18th, 2016


Today, HTTPoxy was discovered in the wild. This vulnerability affects some server-side web applications that run in CGI or CGI-like environments, such as some FastCGI configurations. So far, the PHP, Python, and Go languages are known to be affected by this.

The vulnerability is caused by conflicting namespaces. A CGI or FastCGI-like interface sets environment variables based on HTTP request parameters. These can override internal variables that are used to configure the application. Further explanation of this bug can be found on the httpoxy web page.


LiteSpeed Web Server Now Protected Against Shellshock

Thursday, September 25th, 2014

Shellshock“Bigger than Heartbleed.” That’s what people are saying about Shellshock (CVE-2014-6271 and CVE-2014-7169). But LiteSpeed Web Server is now the only web server protect against Shellshock. (more…)

Unique LiteSpeed Features Fight Symbolic Link Hacking

Tuesday, August 12th, 2014

Broken chain

LSWS boasts two unique features that block symlink hacks: a Follow Symbolic Link setting that cannot be overridden in .htaccess files and strict ownership checking. (more…)

LiteSpeed Security Patch to Fix Heartbleed Bug in OpenSSL

Tuesday, April 8th, 2014

heartbleed logo


LiteSpeed Web Server 4.2.9 was released this morning as a security patch to address the OpenSSL Heartbleed bug. (more…)

Closing the Loopholes: Disable CGI Override

Friday, March 15th, 2013

LiteSpeed Web Server features something that Apache does not — a way to disable CGI, permanently. (more…)