Description
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | not-affected | 1:2.1.5-3.1 |
| disco | not-affected | 1:2.1.5-3.1 |
| eoan | not-affected | 1:2.1.5-3.1 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 1:2.1.5-3.1 |
| esm-apps/jammy | not-affected | 1:2.1.5-3.1 |
| esm-apps/noble | not-affected | 1:2.1.5-3.1 |
CVSS2: 10 Critical
CVSS3: 9.8 Critical
Related vulnerabilities
Vulnerability in the Nikto web application security scanner, caused by a failure to neutralize special elements in OS command input data, allowing an attacker to execute arbitrary operating system commands