ID CVE-2018-11652
Summary CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
References
Vulnerable Configurations
  • cpe:2.3:a:cirt.net:nikto:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-1236
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
exploit-db 44899
misc https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7
Last major update 24-08-2020 - 17:37
Published 01-06-2018 - 15:29
Last modified 24-08-2020 - 17:37