Lucene search
GoogleOSV:CVE-2019-0187HistoryMar 06, 2019 - 5:29 p.m.
CVE-2019-0187
2019-03-0617:29:00
Google
osv.dev
5
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised.
Related
debiancve
debiancve
CVE-2019-0187
2019-03-06 17:29:00
veracode
veracode
Remote Code Execution (RCE)
2019-03-04 06:19:06
github
github
Unauthenticated Remote Code Execution in Apache JMeter
2019-03-07 18:47:57
cve
cve
CVE-2019-0187
2019-03-06 17:29:00
osv
osv
Unauthenticated Remote Code Execution in Apache JMeter
2019-03-07 18:47:57
ubuntucve
ubuntucve
CVE-2019-0187
2019-03-06 00:00:00
nessus
nessus
Apache JMeter < 5.1 Unauthenticated Remote Code Execution Vulnerability
2019-03-08 00:00:00
prion
prion
Deserialization of untrusted data
2019-03-06 17:29:00
cvelist
cvelist
CVE-2019-0187
2019-03-06 17:00:00
nvd
nvd
CVE-2019-0187
2019-03-06 17:29:00