diff options
Diffstat (limited to 'network/nikto/nikto.SlackBuild')
| -rw-r--r-- | network/nikto/nikto.SlackBuild | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/network/nikto/nikto.SlackBuild b/network/nikto/nikto.SlackBuild index 118f4d949af4f..ac6cd320fe673 100644 --- a/network/nikto/nikto.SlackBuild +++ b/network/nikto/nikto.SlackBuild @@ -25,7 +25,7 @@ PRGNAM=nikto VERSION=${VERSION:-2.1.6} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then @@ -78,6 +78,13 @@ patch -p1 --verbose < $CWD/patches/nikto_core.plugin.diff # Fix path for Slackware patch -p1 --verbose < $CWD/patches/man_page.diff +# Fix CVE-2018-11652: https://nvd.nist.gov/vuln/detail/CVE-2018-11652 +# Allows remote attackers to inject arbitrary OS commands via the +# server field in an HTTP response header, which is directly +# injected into a CSV report +# PoC: https://www.exploit-db.com/exploits/44899/ +patch -p1 --verbose < $CWD/patches/CVE-2018-11652-CSV-injection.patch + # Install executable if [ "$ARCH" = "x86_64" ]; then install -Dm 755 $CWD/nikto64.sh $PKG/usr/bin/nikto |