DEBIAN-CVE-2018-11652

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2018-11652

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-11652.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2018-11652

Upstream

CVE-2018-11652

Published

2018-06-01T15:29:00.517Z

Modified

2025-11-20T10:13:29.070861Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

References

https://security-tracker.debian.org/tracker/CVE-2018-11652

Affected packages

Debian:11 / nikto

Package

Name: nikto
Purl: pkg:deb/debian/nikto?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.1.5-3

Affected versions

1.*

1.32-1

1.34-1

1.35-1

1.35-1.1

1.35-2

2.*

2.02-1

2.03-1

2.03-2

1:2.*

1:2.1.1-1

1:2.1.4-1

1:2.1.4-2

1:2.1.5-1

1:2.1.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-11652.json"

Debian:12 / nikto

Package

Name: nikto
Purl: pkg:deb/debian/nikto?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.1.5-3

Affected versions

1.*

1.32-1

1.34-1

1.35-1

1.35-1.1

1.35-2

2.*

2.02-1

2.03-1

2.03-2

1:2.*

1:2.1.1-1

1:2.1.4-1

1:2.1.4-2

1:2.1.5-1

1:2.1.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-11652.json"

Debian:13 / nikto

Package

Name: nikto
Purl: pkg:deb/debian/nikto?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.1.5-3

Affected versions

1.*

1.32-1

1.34-1

1.35-1

1.35-1.1

1.35-2

2.*

2.02-1

2.03-1

2.03-2

1:2.*

1:2.1.1-1

1:2.1.4-1

1:2.1.4-2

1:2.1.5-1

1:2.1.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-11652.json"

Debian:14 / nikto

Package

Name: nikto
Purl: pkg:deb/debian/nikto?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.1.5-3

Affected versions

1.*

1.32-1

1.34-1

1.35-1

1.35-1.1

1.35-2

2.*

2.02-1

2.03-1

2.03-2

1:2.*

1:2.1.1-1

1:2.1.4-1

1:2.1.4-2

1:2.1.5-1

1:2.1.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-11652.json"