Summary
Nexus OSS/Pro is installed on this host
and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow remote
attackers to disclose sensitive information.
Impact Level: Application
Solution
Upgrade to Nexus OSS/Pro version 2.11.1-01
or later. For updates, refer to http://www.sonatype.org.
Insight
Certain unspecified input is not properly
verified before being used to read files.
Affected
Nexus OSS/Pro versions prior to 2.11.1-01
Detection
Get the installed version of Nexus OSS/Pro
with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
CVE: CVE-2014-9389
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P