Missing certificate validation in Apache JMeter

🗓️ 13 May 2022 01:41:49Reported by GitHub Advisory DatabaseType

Missing certificate validation in Apache JMeter when using unsecured RMI connection, potentially allowing unauthorized access and code executio

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 13
Veracode	Remote Code Execution (RCE)	13 Feb 201812:52	–	veracode
OSV	CVE-2018-1297	13 Feb 201812:29	–	osv
OSV	GHSA-7V85-6HV2-RWGW Missing certificate validation in Apache JMeter	13 May 202201:49	–	osv
OSV	UBUNTU-CVE-2018-1297	13 Feb 201812:29	–	osv
CVE	CVE-2018-1297	13 Feb 201812:29	–	cve
Cvelist	CVE-2018-1297	13 Feb 201812:00	–	cvelist
Debian CVE	CVE-2018-1297	13 Feb 201812:29	–	debiancve
pentestit	Apache JMeter RMI Code Execution PoC (CVE-2018-1297)	6 Apr 201806:05	–	pentestit
pentestit	Drupal (SA-CORE-2019-008) Wordspaces Extension Access Bypass PoC	24 Jul 201923:37	–	pentestit
Prion	Code injection	13 Feb 201812:29	–	prion

Vulners

Node

org.apache.jmeter apachejmeterRange<4.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-1297
bz	www.bz.apache.org/bugzilla/show_bug.cgi
lists	www.lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b@%3Cissues.jmeter.apache.org%3E
mail-archives	www.mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E
github	www.github.com/apache/jmeter/issues/4677
github	www.github.com/advisories/GHSA-7v85-6hv2-rwgw

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 May 2022 01:49Current

4.1Medium risk

Vulners AI Score4.1

CVSS27.5

CVSS39.8

EPSS0.24073

CWE-319