CVE-2018-11652

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-11652
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11652.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-11652
Downstream
Related
Published
2018-06-01T15:29:00.517Z
Modified
2026-03-14T09:26:07.629911Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

References

Affected packages

Git / github.com/sullo/nikto

Affected ranges

Type
GIT
Repo
https://github.com/sullo/nikto
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1784b59b4994a89b0502603b0284c4f72eeba9c7
Fixed
e759b3300aace5314fe3d30800c8bd83c81c29f7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.6"
        }
    ]
}

Affected versions

2.*
2.1.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11652.json"