Lucene search

Ubuntu.comUB:CVE-2014-0792

HistoryJan 17, 2014 - 12:00 a.m.

CVE-2014-0792

2014-01-1700:00:00

ubuntu.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.2%

JSON

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create
arbitrary objects and execute arbitrary code via unspecified vectors
related to unmarshalling of unintended Object types.

Notes

Author	Note
sarnold	I’m unclear on the relationship between Maven Indexer and Sonatype Nexus; so I’m marking maven-indexer as an involved package because I haven’t seen any information to the contrary. More research is needed.

References

www.sonatype.org/advisories/archive/2014-01-13-Nexus

launchpad.net/bugs/cve/CVE-2014-0792

nvd.nist.gov/vuln/detail/CVE-2014-0792

security-tracker.debian.org/tracker/CVE-2014-0792

sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist

support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability

www.cve.org/CVERecord?id=CVE-2014-0792

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.2%

JSON

Related for UB:CVE-2014-0792