CVE-2018-11652 nikto: arbitray OS command injection via http server field.rocko

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com> Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
author: Nagalakshmi Veeramallu <nveeramallu@mvista.com> 2018-06-29 15:38:25 +0530
committer: Armin Kuster <akuster808@gmail.com> 2018-07-03 15:33:38 -0700
commit: 74860b2b61afd033fba130044ae66567ead57aaf (patch)
tree: 447d5189a8c07933c5d91165a2839fa1a1299c6d /recipes-security/nikto/nikto_2.1.5.bb
parent: 3d4183b6b4d4ac530c232bcff338af6a9158f8df (diff)
download: meta-security-74860b2b61afd033fba130044ae66567ead57aaf.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/recipes-security/nikto/nikto_2.1.5.bb b/recipes-security/nikto/nikto_2.1.5.bb
index 8080d4a..19eb14f 100644
--- a/recipes-security/nikto/nikto_2.1.5.bb
+++ b/recipes-security/nikto/nikto_2.1.5.bb
@@ -7,7 +7,8 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
 SRC_URI = "http://cirt.net/nikto/${BP}.tar.gz \
-           file://location.patch"
+           file://location.patch \
+           file://CVE-2018-11652.patch"
 SRC_URI[md5sum] = "efcc98a918becb77471ee9a5df0a7b1e"
 SRC_URI[sha256sum] = "0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f"
author	Nagalakshmi Veeramallu <nveeramallu@mvista.com>	2018-06-29 15:38:25 +0530
committer	Armin Kuster <akuster808@gmail.com>	2018-07-03 15:33:38 -0700
commit	74860b2b61afd033fba130044ae66567ead57aaf (patch)
tree	447d5189a8c07933c5d91165a2839fa1a1299c6d /recipes-security/nikto/nikto_2.1.5.bb
parent	3d4183b6b4d4ac530c232bcff338af6a9158f8df (diff)
download	meta-security-74860b2b61afd033fba130044ae66567ead57aaf.tar.gz

diff --git a/recipes-security/nikto/nikto_2.1.5.bb b/recipes-security/nikto/nikto_2.1.5.bb index 8080d4a..19eb14f 100644 --- a/recipes-security/nikto/nikto_2.1.5.bb +++ b/recipes-security/nikto/nikto_2.1.5.bb
@@ -7,7 +7,8 @@ LICENSE = "GPLv2"
7	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"	7	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
8		8
9	SRC_URI = "http://cirt.net/nikto/${BP}.tar.gz \	9	SRC_URI = "http://cirt.net/nikto/${BP}.tar.gz \
10	file://location.patch"	10	file://location.patch \
		11	file://CVE-2018-11652.patch"
11		12
12	SRC_URI[md5sum] = "efcc98a918becb77471ee9a5df0a7b1e"	13	SRC_URI[md5sum] = "efcc98a918becb77471ee9a5df0a7b1e"
13	SRC_URI[sha256sum] = "0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f"	14	SRC_URI[sha256sum] = "0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f"