Siddesh BG's Build Release Config mgmt Blog

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday, 30 August 2012

Security vulnerabilities in Nexus Pre-2.1 releases

Posted on 04:32 by Unknown

Sonatype posted security vulnerabilities in Nexus releases prior to 2.1 and recommending upgrade to latest release (i.e. 2.1)
We areusing the nexus version  2.0.6 OSS. Considering this alert, I’m planning to upgrade soon.

Here is the quote from sonatype
“Unless you want to risk exposing a secure credential, get hacked via some XML, or suffer a denial of service attack via our Artifactory bridge, you probably want to upgrade to Nexus 2.1 right now.”

Refer the link http://www.sonatype.com/people/2012/08/dogfooding-sonatype-insight-we-found-vulnerabilities-in-nexus/#more-11947for details.

I hope they are not marketing Sonatype Insight with this alert J
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Unable to resolve target system name - a DNS problem
    I was not able to ping to any machines from my Windows 2003 server. I did following steps to debug & resolve the issue, which was relate...
  • Installing and configuring Fortify on Linux and Windows machines
    Installing Fortify on Linux (RHEL 5 32 bit) Download Fortify archive Fortify-360-2.6.5-Analyzers_and_Apps-Linux-x86.tar.gz and extract it to...
  • AIX: make: 1254-055 Dependency line needs colon or double
    We get this compilation issue "make: 1254-055 Dependency line needs colon or double" while compiling C/C++ code in AIX machines. I...
  • Solution to Project Euler Problem 10 - Find the sum of all the primes below two million
    http://projecteuler.net/problem=10 Problem The sum of the primes below 10 is 2 + 3 + 5 + 7 = 17. Find the sum of all the primes below two mi...
  • fortifyclient uploadFPR An internal error has occurred
    When you try to upload a .fpr file to Fortify 360 server and you get the below mentioned error. Then, this blog provides one of the route ca...
  • Posting a JIRA bug using Perl Mechanize
    Perl provides modules which can be used as command line browser to automate tasks dependent on web pages. Among them LWP and mechanize are i...
  • What is Apache Hadoop?
    Newbies can get a clean and simple introduction to Hadoop from the following Pivotal blog posts 1)  Demystifying Apache Hadoop in 5 Pictures...
  • Perforce - can't edit exclusive file already opened
    In perforce, whenever a binary file like doc, xls or ppt files are checked out, it is opened in exclusive lock mode. So no other person can ...
  • 0509-036 Cannot load program p4 because of the following errors
    Here is the full description of error ............ bash-3.00# p4 info exec(): 0509-036 Cannot load program p4 because of the following error...
  • Fortify report templates using ReportGenerator
    Fortify Static Code Analysis Tool allows us to create scan reports using command line utility ReportGenerator. By default ReportGenerator cr...

Categories

  • AIX
  • AIX ssh
  • ANT
  • apache
  • appliance
  • awk
  • branching
  • build-failures
  • cgi-perl
  • code-signing
  • commands
  • continuous Integration
  • cvs
  • cygwin
  • DNS
  • Drupal
  • EPM
  • euler
  • Fortify
  • hadoop
  • hpux
  • html
  • InstallShield
  • iptables
  • iso
  • jenkins-hudson
  • Jira
  • kiwi
  • linux
  • Makefile
  • maven
  • Miscellaneous
  • mysql
  • nexus
  • NFS
  • package
  • Perforce
  • Perl
  • php
  • rbuilder
  • rpath
  • rpm
  • rsync
  • Solaris
  • ssh
  • SuseStudio
  • tinderbox
  • unix
  • Visual studio 2008
  • vmware
  • war
  • webserver
  • wget
  • windows
  • xterm

Blog Archive

  • ►  2013 (12)
    • ►  December (1)
    • ►  July (2)
    • ►  April (2)
    • ►  March (2)
    • ►  February (3)
    • ►  January (2)
  • ▼  2012 (43)
    • ►  December (2)
    • ►  November (1)
    • ►  October (4)
    • ►  September (7)
    • ▼  August (5)
      • Security vulnerabilities in Nexus Pre-2.1 releases
      • Secrets of innovation - Carmine Gallo
      • The presentation secrets of steve jobs - Carmine G...
      • How to customize MANIFEST files in WAR using Maven?
      • How to create java war (web archive) file using Ma...
    • ►  July (4)
    • ►  June (2)
    • ►  May (3)
    • ►  April (4)
    • ►  March (3)
    • ►  February (1)
    • ►  January (7)
  • ►  2011 (23)
    • ►  December (4)
    • ►  November (9)
    • ►  October (4)
    • ►  September (1)
    • ►  June (2)
    • ►  May (1)
    • ►  April (1)
    • ►  March (1)
  • ►  2010 (15)
    • ►  December (2)
    • ►  November (1)
    • ►  September (3)
    • ►  April (1)
    • ►  February (6)
    • ►  January (2)
  • ►  2009 (28)
    • ►  November (5)
    • ►  October (3)
    • ►  September (2)
    • ►  August (1)
    • ►  July (1)
    • ►  June (5)
    • ►  May (3)
    • ►  April (1)
    • ►  February (2)
    • ►  January (5)
  • ►  2008 (20)
    • ►  December (6)
    • ►  November (3)
    • ►  October (1)
    • ►  September (1)
    • ►  July (8)
    • ►  June (1)
Powered by Blogger.

About Me

Unknown
View my complete profile