CVE-2018-11652

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-11652

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11652.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-11652

Downstream

ALPINE-CVE-2018-11652

DEBIAN-CVE-2018-11652

UBUNTU-CVE-2018-11652

Related

MGASA-2018-0310

Published

2018-06-01T15:29:00Z

Modified

2025-10-14T16:20:07.388723Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

References

Affected packages

Git / github.com/sullo/nikto

Affected ranges

Type: GIT
Repo: https://github.com/sullo/nikto
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e759b3300aace5314fe3d30800c8bd83c81c29f7

Affected versions

2.*

2.1.6