Vulnerability CVE-2018-1297


Published: 2018-02-13

Description:
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

 References:
http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E
https://bz.apache.org/bugzilla/show_bug.cgi?id=62039

Copyright 2018, cxsecurity.com

 

Back to Top