CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
References
Link | Resource |
---|---|
https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7 | Patch Third Party Advisory |
https://www.exploit-db.com/exploits/44899/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-01T15:00:00
Updated: 2018-06-20T09:57:01
Reserved: 2018-06-01T00:00:00
Link: CVE-2018-11652
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-01T15:29:00.517
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-11652
JSON object: View
Redhat Information
No data.
CWE