This script is Copyright (C) 2016 Tenable Network Security, Inc.
The Nexus Repository Manager server running on the remote host is
affected by a remote code execution vulnerability.
The Sonatype Nexus Repository Manager server application running on
the remote host is affected by a remote code execution vulnerability
due to unsafe deserialize calls of unauthenticated Java objects to the
Apache Commons Collections (ACC) library. An unauthenticated, remote
attacker can exploit this, by sending specially crafted Java objects
to the HTTP interface, to execute arbitrary code on the target host.
See also :
Upgrade to Sonatype Nexus Repository Manager version 2.11.2-01 or
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now