Published: 03/09/2019 Updated: 09/10/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 802

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sonatype nexus repository manager

CVE-2019-5475-Nexus-Repository-Manager- Payload PUT /nexus/service/siesta/capabilities/xxxxxxxxx HTTP/11 Host: xxxxxxxxcom User-Agent: Accept: application/json,application/vndsiesta-error-v1+json,application/vndsiesta-validation-errors-v1+json Accept-Language: zh-CN,zh;q=08,zh-TW;q=07,zh-HK;q=05,en-US;q=03,en;q=02 Accept-Encoding: gzip, deflate X-Nexus-UI: true Conte

CVE-2019-5475-EXP 【Nexus Repository Manager 2.x远程命令执行漏洞】

CVE-2019-5475-EXP CVE-2019-5475-EXP 【Nexus Repository Manager 2x远程命令执行漏洞】漏洞名称： Nexus Repository Manager 2x远程命令执行漏洞漏洞描述： Nexus Repository Manager 2X存在远程命令执行漏洞，该漏洞默认存在部署权限账号，成功登录后可使用“createrepo”或“mergerepo”自定义配置，可�

CVE-2019-5475 靶场： RCE 命令注入漏洞

CVE-2019-5475 CVE-2019-5475 与 CVE-2019-15588 靶场: RCE 命令注入漏洞 0x00 背景 CVE-2019-5475 是 Nexus 关于内置插件 Yum Repository 的 RCE 命令注入漏洞，其最早被披露于 hackerone，但因官方第一次修复不完整，故又衍生出了 CVE-2019-15588 漏洞。这两个漏洞都需要以 admin 身份登录后才可以利用，但是 nexus 默

CVE-2019-15588 靶场： RCE 命令注入漏洞

CVE-2019-15588 CVE-2019-15588 靶场： RCE 命令注入漏洞 Merged into githubcom/lyy289065406/CVE-2019-5475

CWE-78 https://hackerone.com/reports/654888 https://nvd.nist.gov https://github.com/jaychouzzk/CVE-2019-5475-Nexus-Repository-Manager-https://github.com/rabbitmask/CVE-2019-5475-EXP

CVE-2019-5475

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect