CVE-2018-11652 nikto: arbitray OS command injection via http server field.morty

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com> Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
author: Nagalakshmi Veeramallu <nveeramallu@mvista.com> 2018-06-29 15:38:25 +0530
committer: Armin Kuster <akuster808@gmail.com> 2018-07-03 15:35:25 -0700
commit: e5cdb6bcb6c17ad72d7a406ad5adc75aef0c2790 (patch)
tree: 6f16659f6dc93eaa1fd1587f761cc5c186339f07 /recipes-security/nikto/nikto_2.1.5.bb
parent: 3d863f72641f930e10ed1b6211d66b2c3d04d306 (diff)
download: meta-security-e5cdb6bcb6c17ad72d7a406ad5adc75aef0c2790.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/recipes-security/nikto/nikto_2.1.5.bb b/recipes-security/nikto/nikto_2.1.5.bb
index 8080d4a..19eb14f 100644
--- a/recipes-security/nikto/nikto_2.1.5.bb
+++ b/recipes-security/nikto/nikto_2.1.5.bb
@@ -7,7 +7,8 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
 SRC_URI = "http://cirt.net/nikto/${BP}.tar.gz \
-           file://location.patch"
+           file://location.patch \
+           file://CVE-2018-11652.patch"
 SRC_URI[md5sum] = "efcc98a918becb77471ee9a5df0a7b1e"
 SRC_URI[sha256sum] = "0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f"
author	Nagalakshmi Veeramallu <nveeramallu@mvista.com>	2018-06-29 15:38:25 +0530
committer	Armin Kuster <akuster808@gmail.com>	2018-07-03 15:35:25 -0700
commit	e5cdb6bcb6c17ad72d7a406ad5adc75aef0c2790 (patch)
tree	6f16659f6dc93eaa1fd1587f761cc5c186339f07 /recipes-security/nikto/nikto_2.1.5.bb
parent	3d863f72641f930e10ed1b6211d66b2c3d04d306 (diff)
download	meta-security-e5cdb6bcb6c17ad72d7a406ad5adc75aef0c2790.tar.gz

diff --git a/recipes-security/nikto/nikto_2.1.5.bb b/recipes-security/nikto/nikto_2.1.5.bb index 8080d4a..19eb14f 100644 --- a/recipes-security/nikto/nikto_2.1.5.bb +++ b/recipes-security/nikto/nikto_2.1.5.bb
@@ -7,7 +7,8 @@ LICENSE = "GPLv2"
7	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"	7	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
8		8
9	SRC_URI = "http://cirt.net/nikto/${BP}.tar.gz \	9	SRC_URI = "http://cirt.net/nikto/${BP}.tar.gz \
10	file://location.patch"	10	file://location.patch \
		11	file://CVE-2018-11652.patch"
11		12
12	SRC_URI[md5sum] = "efcc98a918becb77471ee9a5df0a7b1e"	13	SRC_URI[md5sum] = "efcc98a918becb77471ee9a5df0a7b1e"
13	SRC_URI[sha256sum] = "0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f"	14	SRC_URI[sha256sum] = "0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f"