[Bug 1095721] CVE-2018-11652: CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackersto inject arbitrary OS commands via the Server field in an HTTP response header,which is directly injected into a CSV report.

4 Jun 2018

      http://bugzilla.suse.com/show_bug.cgi?id=1095721
http://bugzilla.suse.com/show_bug.cgi?id=1095721#c1

Karol Babioch <kbabioch@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |kbabioch@suse.com
         Resolution|---                         |FIXED

--- Comment #1 from Karol Babioch <kbabioch@suse.com> ---
Fixed for security/nikto with sr#613931. Not in any distribution.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1095721] CVE-2018-11652: CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackersto inject arbitrary OS commands via the Server field in an HTTP response header,which is directly injected into a CSV report.

bugzilla_noreply＠novell.com