CVE-2018-11652 nikto: arbitray OS command injection via http server field. - linux/meta-security.git - Mirror of git.yoctoproject.org/meta-security.git

diff options

author	Nagalakshmi Veeramallu <nveeramallu@mvista.com>	2018-06-29 15:38:25 +0530
committer	Armin Kuster <akuster808@gmail.com>	2018-07-03 15:30:51 -0700
commit	a1406fe1c88308da81af907d11d21e2c03ee0c01 (patch)
tree	740cb0d79d0026f3e005664380d1256df1aa16ac /recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch
parent	055100292270cc2bb706df97ca308191435babf5 (diff)
download	meta-security-a1406fe1c88308da81af907d11d21e2c03ee0c01.tar.gz

CVE-2018-11652 nikto: arbitray OS command injection via http server field.

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com> Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>

Diffstat (limited to 'recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: