WordPress¤Î¿Íµ¤¥×¥é¥°¥¤¥ó¡ÖLiteSpeed Cache¡×¤Ë½ÅÂç¤ÊÀȼåÀ­¤¬¤¢¤ë¤³¤È¤¬È½ÌÀ¡¢¿ôÉ´Ëü¤â¤Î¥¦¥§¥Ö¥µ¥¤¥È¤¬¾è¤Ã¼è¤é¤ì¤ë²ÄǽÀ­¤â

¥ª¡¼¥×¥ó¥½¡¼¥¹¤Î¥Ö¥í¥°ÍÑ¥½¥Õ¥È¥¦¥§¥¢·ó¥³¥ó¥Æ¥ó¥Ä´ÉÍý¥·¥¹¥Æ¥à¤Ç¤¢¤ëWordPress¤Ï¡¢2024ǯ4·î¤Î»þÅÀ¤ÇÁ´¥¦¥§¥Ö¥µ¥¤¥È¤Î43.4¡ó¤Ç»È¤ï¤ì¤Æ¤¤¤Þ¤¹¡£¤½¤ó¤ÊWordPress¤Î¿Íµ¤¥×¥é¥°¥¤¥ó¤Ç¤¢¤ë¡ÖLiteSpeed Cache¡×¤ËÀȼå(¤¼¤¤¤¸¤ã¤¯)À­¤¬¤¢¤ê¡¢¿ôÉ´Ëü¤â¤Î¥¦¥§¥Ö¥µ¥¤¥È¤¬¾è¤Ã¼è¤é¤ì¤ë²ÄǽÀ­¤¬¤¢¤ë¤ÈÊ󤸤é¤ì¤Þ¤·¤¿¡£

Critical Privilege Escalation in LiteSpeed Cache Plugin - Patchstack

https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites



Security Update for LiteSpeed Cache ⋆ LiteSpeed Blog

https://blog.litespeedtech.com/2024/08/21/security-update-for-litespeed-cache/

Over 5,000,000 Site Owners Affected by Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin

https://www.wordfence.com/blog/2024/08/over-5000000-site-owners-affected-by-critical-privilege-escalation-vulnerability-patched-in-litespeed-cache-plugin/

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks

https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-millions-of-wordpress-sites-to-takeover-attacks/

LiteSpeed Cache¤ÏWordPress¤Çºî¤Ã¤¿¥¦¥§¥Ö¥µ¥¤¥È¤ò¹â®²½¤Ç¤­¤ë¥×¥é¥°¥¤¥ó¤Ç¤¢¤ê¡¢ÀìÍÑ¥µ¡¼¥Ð¡¼¥ì¥Ù¥ë¤Î¥­¥ã¥Ã¥·¥å¤ÈºÇŬ²½µ¡Ç½¤òÈ÷¤¨¤Æ¤¤¤Þ¤¹¡£µ­»öºîÀ®»þÅÀ¤Ç¤Ï500Ëü·ï°Ê¾å¤Î¥¢¥¯¥Æ¥£¥Ö¤Ê¥¤¥ó¥¹¥È¡¼¥ë¤¬¤¢¤ê¡¢WordPress¤ÇºÇ¤â¿Íµ¤¤Î¤¢¤ë¥×¥é¥°¥¤¥ó¤Î¤Ò¤È¤Ä¤Ç¤¹¡£

¤½¤ó¤ÊLiteSpeed Cache¤Ë¸ºß¤¹¤ë½ÅÂç¤ÊÀȼåÀ­¤¬¡¢WordPress¤ÎÀȼåÀ­³«¼¨µ¡´Ø¤Ç¤¢¤ëPatchstack¤Î¥Ð¥°Ê󾩶â¥×¥í¥°¥é¥à¤ËÊó¹ð¤µ¤ì¤Þ¤·¤¿¡£ÀȼåÀ­¤òȯ¸«¤·¤¿¤Î¤Ï¥»¥­¥å¥ê¥Æ¥£¸¦µæ¼Ô¤Î¥¸¥ç¥ó¡¦¥Ö¥é¥Ã¥¯¥Ü¡¼¥ó»á¤Ç¡¢WordPress¤Î¥Ð¥°Ê󾩶â¤Ç¤Ï»Ë¾åºÇ¹â³Û¤È¤Ê¤ë1Ëü4400¥É¥ë(Ìó210Ëü±ß)¤â¤ÎÊ󾩶⤬»Ùʧ¤ï¤ì¤Þ¤·¤¿¡£

LiteSpeed Cache¤Ë¤Ï¥¦¥§¥Ö¥µ¥¤¥È¤Î¥­¥ã¥Ã¥·¥å¤ò¼èÆÀ¤¹¤ë¤¿¤á¡¢¥¹¥±¥¸¥å¡¼¥ë¤Ë½¾¤Ã¤Æ¥Ú¡¼¥¸¤ò¥¯¥í¡¼¥ë¤¹¤ë»ÅÁȤߤ¬¤¢¤ê¤Þ¤¹¡£¥¯¥í¡¼¥é¡¼¤Ë¤ÏÆÃÄê¤Î¥í¥°¥¤¥óID¤ò»ý¤Ä¥æ¡¼¥¶¡¼¤ò¥·¥ß¥å¥ì¡¼¥È¤¹¤ëµ¡Ç½¤¬¤¢¤ê¡¢¤³¤ì¤òÊݸ¤ë¤¿¤á¤Ë¥»¥­¥å¥ê¥Æ¥£¥Ï¥Ã¥·¥å¤¬ÍѤ¤¤é¤ì¤Æ¤¤¤Þ¤¹¡£¤·¤«¤·¡¢À¸À®¤µ¤ì¤ë¥»¥­¥å¥ê¥Æ¥£¥Ï¥Ã¥·¥å¤ÎÃͤ¬100ËüÄ̤ꤷ¤«¤Ê¤¤¤¿¤á¡¢¥Ö¥ë¡¼¥È¥Õ¥©¡¼¥¹¹¶·â¤ò»Å³Ý¤±¤ë¤³¤È¤Ç¥»¥­¥å¥ê¥Æ¥£¥Ï¥Ã¥·¥å¤òÆÃÄꤷ¡¢Ç¤°Õ¤Î¥æ¡¼¥¶¡¼ID¤Ç¿·¤·¤¤´ÉÍý¼Ô¥¢¥«¥¦¥ó¥È¤òºîÀ®¤Ç¤­¤ë¤È¤Î¤³¤È¡£

Patchstack¤Ï¡¢¤¿¤È¤¨1É䢤¿¤ê3¥ê¥¯¥¨¥¹¥È¤È¤¤¤¦Èæ³ÓŪÄ㮤ʥ֥롼¥È¥Õ¥©¡¼¥¹¹¶·â¤Ç¤â¡¢¿ô»þ´Ö¡Á1½µ´Ö¤Ç¥»¥­¥å¥ê¥Æ¥£¥Ï¥Ã¥·¥å¤ò³ä¤ê½Ð¤»¤ë¤È»ØŦ¤·¤Æ¤¤¤Þ¤¹¡£º£²óȯ¸«¤µ¤ì¤¿ÀȼåÀ­¤Ë¤Ï¡ÖCVE-2024-28000¡×¤È¤¤¤¦¼±ÊÌÈֹ椬³ä¤ê¿¶¤é¤ì¤Þ¤·¤¿¡£

ÀȼåÀ­¤ò°­ÍѤ¹¤ë¤È¡¢Ç§¾Ú¤µ¤ì¤Æ¤¤¤Ê¤¤¹¶·â¼Ô¤¬´ÉÍý¼Ô¥ì¥Ù¥ë¤Î¥¢¥¯¥»¥¹¸¢¤ò¼èÆÀ¤·¡¢¥¦¥§¥Ö¥µ¥¤¥È¤ò´°Á´¤Ë¾è¤Ã¼è¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£¹¶·â¼Ô¤Ï°­°Õ¤Î¤¢¤ë¥×¥é¥°¥¤¥ó¤Î¥¢¥Ã¥×¥í¡¼¥É¤ª¤è¤Ó¥¤¥ó¥¹¥È¡¼¥ë¡¢½ÅÍפÊÀßÄê¤ÎÊѹ¹¡¢°­°Õ¤Î¤¢¤ë¥¦¥§¥Ö¥µ¥¤¥È¤Ø¤Î¥ê¥À¥¤¥ì¥¯¥È¡¢Ë¬Ìä¼Ô¤ËÂФ¹¤ë¥Þ¥ë¥¦¥§¥¢ÇÛÉÛ¡¢¥æ¡¼¥¶¡¼¥Ç¡¼¥¿¤ÎÀà¼è¤È¤¤¤Ã¤¿¤³¤È¤¬²Äǽ¤À¤½¤¦¤Ç¤¹¡£



¤¹¤Ç¤ËLiteSpeed Cache¤Î³«È¯¥Á¡¼¥à¤Ï¤³¤ÎÀȼåÀ­¤òǧ¼±¤·¡¢2024ǯ8·î13Æü¤Ë¥ê¥ê¡¼¥¹¤·¤¿¥Ð¡¼¥¸¥ç¥ó¡Ö6.4¡×¤ÇÌäÂê¤Ï½¤Àµ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£¤·¤«¤·¡¢WordPress¤Î¸ø¼°¥×¥é¥°¥¤¥ó¥ê¥Ý¥¸¥È¥ê¤Î¥À¥¦¥ó¥í¡¼¥ÉÅý·×¤Ë¤è¤ë¤È¡¢°ÍÁ³¤È¤·¤Æ²áȾ¿ô¤Î¥æ¡¼¥¶¡¼¤Ï¥Ð¡¼¥¸¥ç¥ó¡Ö6.3¡×°ÊÁ°¤òÍøÍѤ·¤Æ¤ª¤ê¡¢¿ôÉ´Ëü¸Ä¤â¤Î¥¦¥§¥Ö¥µ¥¤¥È¤¬´í¸±¤Ë¤µ¤é¤µ¤ì¤Æ¤¤¤ë¤È¤Î¤³¤È¤Ç¤¹¡£