Summary
Artifactory is prone to a remote code-execution vulnerability.
Impact
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the user running the affected application.
Solution
Update to Artifactory 3.1.1.1
Insight
Artifactory prior to version 3.1.1.1 uses an XStream library that is prone to a remote code execution vulnerability.
Affected
Artifactory < 3.1.1.1
Detection
Check the installed version.
Classification
- CVE: CVE-2013-7285
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P