Lucene search

[email protected]NVD:CVE-2018-1297

HistoryFeb 13, 2018 - 12:29 p.m.

CVE-2018-1297

2018-02-1312:29:00

CWE-319

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.5%

JSON

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Affected configurations

NVD

Node

apachejmeterMatch2.1

apachejmeterMatch2.2

apachejmeterMatch2.3

apachejmeterMatch2.3.1

apachejmeterMatch2.3.2

apachejmeterMatch2.3.3

apachejmeterMatch2.3.3rc1

apachejmeterMatch2.3.3rc2

apachejmeterMatch2.3.4

apachejmeterMatch2.3.4rc1

apachejmeterMatch2.3.4rc2

apachejmeterMatch2.3.4rc3

apachejmeterMatch2.4

apachejmeterMatch2.5

apachejmeterMatch2.5rc1

apachejmeterMatch2.5rc2

apachejmeterMatch2.5rc3

apachejmeterMatch2.5.1

apachejmeterMatch2.5.1rc1

apachejmeterMatch2.5.1rc2

apachejmeterMatch2.5.1rc3

apachejmeterMatch2.6

apachejmeterMatch2.6rc1

apachejmeterMatch2.6rc2

apachejmeterMatch2.7

apachejmeterMatch2.7rc1

apachejmeterMatch2.7rc2

apachejmeterMatch2.7rc3

apachejmeterMatch2.8

apachejmeterMatch2.8rc1

apachejmeterMatch2.8rc2

apachejmeterMatch2.9

apachejmeterMatch2.9rc1

apachejmeterMatch2.9rc2

apachejmeterMatch2.9rc3

apachejmeterMatch2.10rc1

apachejmeterMatch2.10rc2

apachejmeterMatch2.11

apachejmeterMatch2.11rc1

apachejmeterMatch2.11rc2

apachejmeterMatch2.12

apachejmeterMatch2.12rc1

apachejmeterMatch2.12rc2

apachejmeterMatch2.13

apachejmeterMatch2.13rc1

apachejmeterMatch2.13rc2

apachejmeterMatch3.0

apachejmeterMatch3.0rc1

apachejmeterMatch3.0rc2

apachejmeterMatch3.0rc3

apachejmeterMatch3.0rc4

apachejmeterMatch3.0rc5

apachejmeterMatch3.1

apachejmeterMatch3.1rc1

apachejmeterMatch3.1rc2

apachejmeterMatch3.1rc3

apachejmeterMatch3.1rc4

apachejmeterMatch3.2

apachejmeterMatch3.2rc1

apachejmeterMatch3.2rc2

apachejmeterMatch3.2rc3

apachejmeterMatch3.3

apachejmeterMatch3.3rc1

References

mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E

bz.apache.org/bugzilla/show_bug.cgi?id=62039

lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.5%

JSON

Related for NVD:CVE-2018-1297

osv2 cve1 cvelist1 debiancve1 ubuntucve1 github1 veracode1 prion1 pentestit2 f51