CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

Gentoo Security Scout
Florian Schuhmacher
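The flaw class described in the report above, from the defender's side: an added example, not Nikto's code and not part of this bug thread, of a report writer that neutralizes a server-controlled banner before it reaches a CSV file. The function names, column names and sample rows are constructed for illustration; the formula-trigger characters follow OWASP's CSV injection guidance.

```python
import csv
import io

# Characters a spreadsheet treats as the start of a formula when they lead a cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@")

# Constructed sample findings: (host, port, Server banner as returned by the target).
SAMPLE_ROWS = [
    ("198.51.100.10", 80, "Apache/2.4.41 (Ubuntu)"),
    ("198.51.100.11", 80, "=1+1"),            # harmless formula stands in for hostile input
    ("198.51.100.12", 443, "nginx\r\n=1+1"),  # line break attempting to start a new row
]


def neutralize_cell(value):
    """Return value as text that a spreadsheet will display instead of evaluate."""
    text = "" if value is None else str(value)
    # Replace control characters (tab, CR, LF, ...) so one field stays one cell.
    text = "".join(" " if ord(ch) < 32 or ord(ch) == 127 else ch for ch in text)
    # A leading apostrophe forces text interpretation; leading whitespace is
    # ignored for the check because some applications trim it before parsing.
    if text.lstrip().startswith(FORMULA_TRIGGERS):
        text = "'" + text
    return text


def write_report(rows, harden=True):
    """Serialize findings to CSV; harden=False reproduces the unsafe pass-through."""
    buf = io.StringIO()
    # QUOTE_ALL wraps every field in quotes and doubles embedded quotes.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["host", "port", "server_banner"])
    for row in rows:
        cells = [neutralize_cell(c) for c in row] if harden else list(row)
        writer.writerow(cells)
    return buf.getvalue()


def parse_report(text):
    """Read a report back into rows, as a spreadsheet import would."""
    return list(csv.reader(io.StringIO(text)))


if __name__ == "__main__":
    print(write_report(SAMPLE_ROWS))
```

Quoting alone does not help here: the unhardened writer still emits a correctly quoted cell whose content begins with `=`, which is why the prefix step is needed as well.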
CCing treecleaner. Outstanding vulnerability, seems not to have been maintained since the switch to Git, and seems to be better maintained in the Pentoo overlay anyway.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4991a1dcb87ab368378065254e27bd4331a212c

commit e4991a1dcb87ab368378065254e27bd4331a212c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-08-03 07:38:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-08-04 02:43:09 +0000

    profiles/package.mask: last-rite net-analyzer/nikto

    Bug: https://bugs.gentoo.org/658448
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 6 ++++++
 1 file changed, 6 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=734a83031a6028c1dc508e0d7e0b140e71bc7134

commit 734a83031a6028c1dc508e0d7e0b140e71bc7134
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-09-04 00:06:28 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-09-04 00:06:28 +0000

    net-analyzer/nikto: remove last-rited pkg

    Bug: https://bugs.gentoo.org/658448
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/nikto/Manifest                     |  1 -
 net-analyzer/nikto/metadata.xml                 |  5 ---
 net-analyzer/nikto/nikto-2.1.6_p20180122.ebuild | 53 -------------------------
 profiles/package.mask                           |  6 ---
 4 files changed, 65 deletions(-)
Removed from tree.