Vulnerability Description
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
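One way a report writer can neutralize an untrusted Server header before it lands in a CSV cell, shown as an added example; it is not Nikto's code and not the referenced patch. The function names, the constructed sample responses and the single-quote prefix approach are assumptions for illustration.

```python
import csv
import io

# Leading characters that make spreadsheet applications evaluate a cell as a formula.
FORMULA_LEAD = ("=", "+", "-", "@")

# Constructed sample responses (not captured traffic); 192.0.2.0/24 is a documentation range.
HOSTILE_RESPONSE = "HTTP/1.1 200 OK\r\nServer: =1+1\r\nContent-Length: 0\r\n\r\n"
BENIGN_RESPONSE = "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n"


def server_header(raw_response):
    """Return the Server header value from a raw HTTP response head, or ''."""
    for line in raw_response.split("\r\n")[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return ""


def neutralize_cell(value):
    """Make a remote-controlled string safe to display as text in a spreadsheet."""
    # Replace control characters (CR, LF, tab, ...) so the value cannot break the row.
    cleaned = "".join(ch if ch.isprintable() else " " for ch in str(value))
    # Prefix a single quote when the first visible character would start a formula.
    if cleaned.lstrip().startswith(FORMULA_LEAD):
        return "'" + cleaned
    return cleaned


def write_report(rows):
    """Serialize rows to CSV with every field quoted and neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def build_sample_report():
    return write_report([
        ["host", "port", "server_banner"],
        ["192.0.2.10", "80", server_header(HOSTILE_RESPONSE)],
        ["192.0.2.11", "80", server_header(BENIGN_RESPONSE)],
    ])
```

Quoting alone does not help here, because a quoted field that begins with `=` is still evaluated when the file is opened in a spreadsheet; the prefix is what forces text display.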
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cirt.Net | Nikto | <= 2.1.6 |
References
- https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7 (Patch, Third Party Advisory)
- https://www.exploit-db.com/exploits/44899/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2018-11652?
CVE-2018-11652 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
How severe is CVE-2018-11652?
CVE-2018-11652 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11652?
Check the references section above for vendor advisories and patch information. Affected products include: Cirt.Net Nikto.