Bug 658448 (CVE-2018-11652) - net-analyzer/nikto: CSV injection via the Server field in an HTTP response header
Status: IN_PROGRESS
Alias: CVE-2018-11652
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://github.com/sullo/nikto/commit...
Whiteboard: ~2 [upstream/ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-19 00:27 UTC by Florian Schuhmacher
Modified: 2019-04-26 23:35 UTC

See Also:
Package list:
Runtime testing required: ---


Description Florian Schuhmacher 2018-06-19 00:27:21 UTC
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

Gentoo Security Scout
Florian Schuhmacher
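
One way a report writer can neutralize an untrusted `Server` header value before it reaches a CSV file, as an added example (not Nikto's code and not the upstream fix; the function names, the column layout and the sample values are constructed for illustration):

```python
import csv
import io

# Leading characters that make spreadsheet applications evaluate a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@")


def neutralize_cell(value: str) -> str:
    """Make an untrusted string safe to open as a spreadsheet cell."""
    # Replace control characters (tab, CR, LF, DEL, ...) so the value cannot
    # start a new row or hide a formula behind whitespace-like bytes.
    cleaned = "".join(" " if (ch < " " or ch == "\x7f") else ch for ch in value)
    # Spreadsheets may ignore leading spaces, so test the first visible character.
    if cleaned.lstrip(" ").startswith(FORMULA_TRIGGERS):
        # A leading apostrophe forces the cell to be treated as text.
        return "'" + cleaned
    return cleaned


def report_row(host: str, port: int, server_header: str) -> str:
    """Build one CSV report line (hypothetical columns: host, port, Server banner)."""
    buf = io.StringIO()
    # QUOTE_ALL wraps every field in double quotes and doubles embedded quotes,
    # so commas and quotes in the banner cannot shift columns.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    writer.writerow([neutralize_cell(host), str(port), neutralize_cell(server_header)])
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed Server header values; 192.0.2.10 is a documentation address.
    for banner in ("Apache/2.4.29 (Ubuntu)", "=1+1", 'nginx\r\n=1+1,"x"'):
        print(report_row("192.0.2.10", 80, banner), end="")
```

The apostrophe prefix also changes legitimate values that begin with `-` or `+`, which is acceptable for a banner column but should be reviewed for numeric columns.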