UBUNTU-CVE-2018-11652

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-11652

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-11652.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-11652

Upstream

CVE-2018-11652

Published

2018-06-01T15:29:00Z

Modified

2025-10-24T04:47:03Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - low

Summary

[none]

Details

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.

References

Affected packages

Ubuntu:16.04:LTS / nikto

Package

Name: nikto
Purl: pkg:deb/ubuntu/nikto@1:2.1.5-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.1.5-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:2.1.5-1",
            "binary_name": "nikto"
        }
    ]
}

Ubuntu:18.04:LTS / nikto

Package

Name: nikto
Purl: pkg:deb/ubuntu/nikto@1:2.1.5-2?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.1.5-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:2.1.5-2",
            "binary_name": "nikto"
        }
    ]
}