CVE-2018-11652
PUBLISHED
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
EPSS 33.59% · 97.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | nikto | 0, 1:2.1.5-2 |
| Ubuntu:16.04:LTS | nikto | 0, * |
Timeline
- Jun 1, 2018 CVE Published
- Jun 18, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-11652 third-party-advisory
- https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-11652 third-party-advisory