Apache Solr Config API Remote Code Execution Vulnerability (CVE-2019-0192)

Apache has recently fixed a Java deserialization vulnerability in Apache Solr. Apache Solr has a Config API which allows configuring Solr’s JMX server via an HTTP POST request. It’s possible to set up a malicious RMI server, have the Config API point to this malicious RMI server and trigger a remote code execution via Apache Solr’s unsafe …

Nexus Repository Manager 3 Remote Code Execution Vulnerability (CVE-2019-7238)

Sonatype released a patch earlier this month that fixes a Remote Code Execution (RCE) vulnerability in Nexus Repository Manager 3. The vulnerability exists because Nexus Repository Manager fails to implement access controls properly, which leads to a Remote Code Execution vulnerability. This vulnerability affects Nexus Repository Manager 3 OSS/Pro versions from 3.6.2 up to and including 3.14.0. Vulnerability Analysis: …