Sonatype Nexus < 2.7.1 'XStream' Object Remote Code Execution Vulnerability
PVS ID: 8084 FAMILY: Web Servers RISK: MEDIUM NESSUS ID: Not Available
Description: Synopsis:

The remote server contains a vulnerability that can be exploited for remote code execution.

Versions of Sonatype Nexus earlier than 2.7.1 are prone to a remote code execution vulnerability because the application deserialises user-controlled XML data using the XStream library. Specifically, this issue affects the 'XStream' object of the application.

The detected version of the server is:
%L

Solution: The vendor has provided updates; upgrade to 2.7.1 or later.


