Sam Gleske created MNG-6683:
-------------------------------
Summary: Maven Central returns 200 status for Nexus vulnerability page
Key: MNG-6683
URL: https://issues.apache.org/jira/browse/MNG-6683
Project: Maven
Issue Type: Bug
Reporter: Sam Gleske
My on-site Nexus instance is caching artifacts with a SHA1 checksum
304aee16ce585ea362af56fe4044e9aa3ad0a84d.
Contents of the page are
{noformat}
Forbidden
Access to the Central Repository has been temporarily blocked
You've been identified as running a version of Nexus Repository Manager that is
vulnerable to botnet exploitation [1]
It is strongly advised that you upgrade Nexus Repository Manager to the latest
version, currently 3.16.2. Please visit the Sonatype NXRM download page [2]
For further information on the vulnerability, affected versions, and
remediation paths, please our official announcement at [3]
{noformat}
Links
# [https://community.sonatype.com/t/botnet-exploitation-of-nxrm-up-to-3-14-0/1993]
# [https://help.sonatype.com/repomanager3/download]
# [https://community.sonatype.com/t/botnet-exploitation-of-nxrm-up-to-3-14-0/1993]
h2. Issue
Because Maven Central returns a 200 status for the vulnerability "Forbidden"
page, our Nexus instance is caching a lot of junk artifacts. We've since
upgraded to a non-vulnerable Nexus, but it seems Central is still returning the
"Forbidden" error page.
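One way to locate the junk entries this report describes, as an added example that is not part of the original report and is not Nexus or Maven code. It assumes the cache is available as a Maven-layout directory on disk (a local repository or an exported copy of the proxy cache); the function names and the magic-byte table are hypothetical choices made for this sketch.

```python
import hashlib
import os

# SHA-1 reported in the issue for the cached "Forbidden" page.
KNOWN_JUNK_SHA1 = {"304aee16ce585ea362af56fe4044e9aa3ad0a84d"}

# Expected leading bytes per extension (assumed heuristic, not a Nexus feature).
MAGIC = {
    ".jar": (b"PK",),
    ".war": (b"PK",),
    ".zip": (b"PK",),
    ".pom": (b"<?xml", b"<project", b"<!--"),
}


def sha1_of(path, chunk=1 << 16):
    """Stream the file so large artifacts are not loaded into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path, junk_sha1=KNOWN_JUNK_SHA1):
    """Return a reason if the file looks like a cached error page, else None."""
    if sha1_of(path) in junk_sha1:
        return "sha1 matches known error page"
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:
        with open(path, "rb") as fh:
            # Skip a UTF-8 BOM and leading whitespace before comparing.
            head = fh.read(64).lstrip(b"\xef\xbb\xbf \t\r\n")
        if not head.startswith(MAGIC[ext]):
            return "content does not look like " + ext
    return None


def find_junk(root, junk_sha1=KNOWN_JUNK_SHA1):
    """Walk the tree and list (relative path, reason) for suspect files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full, junk_sha1)
            if reason:
                hits.append((os.path.relpath(full, root), reason))
    return sorted(hits)
```

The checksum match catches exact copies of the page from the report; the content check also catches a body served with status 200 under an artifact name when its wording, and so its checksum, differs.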