CVE-2018-11652 nikto: arbitray OS command injection via http server field. - linux/meta-security.git - Mirror of git.yoctoproject.org/meta-security.git

diff options

author	Nagalakshmi Veeramallu <nveeramallu@mvista.com>	2018-06-29 15:38:25 +0530
committer	Armin Kuster <akuster808@gmail.com>	2018-07-03 15:35:17 -0700
commit	ca3fbcd57d0f66ef710c2c0b78a1d416d4aec653 (patch)
tree	11dd0fb5e2b4e338756cd94d8a9e5d0f51e44e5c /recipes-security/AppArmor
parent	c0f7429d0a56bdb56e296c1758c258af47c4ec60 (diff)
download	meta-security-pyro.tar.gz

CVE-2018-11652 nikto: arbitray OS command injection via http server field.pyro

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com> Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>

Diffstat (limited to 'recipes-security/AppArmor')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: