CVE-2018-11652 nikto: arbitray OS command injection via http server field. - linux/meta-security.git - Mirror of git.yoctoproject.org/meta-security.git

diff options

author	Nagalakshmi Veeramallu <nveeramallu@mvista.com>	2018-06-29 15:38:25 +0530
committer	Armin Kuster <akuster808@gmail.com>	2018-07-03 15:32:38 -0700
commit	1e4b45ca888188b4eb838cb29b501ee004237552 (patch)
tree	740cb0d79d0026f3e005664380d1256df1aa16ac /recipes-perl/perl/files/libwhisker2.patch
parent	646b36e36de042080f6d30f2c5d230c8ed0351e6 (diff)
download	meta-security-1e4b45ca888188b4eb838cb29b501ee004237552.tar.gz

CVE-2018-11652 nikto: arbitray OS command injection via http server field.

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com> Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>

Diffstat (limited to 'recipes-perl/perl/files/libwhisker2.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: