Lucene search
GoogleOSV:GHSA-7V85-6HV2-RWGWHistoryMay 13, 2022 - 1:49 a.m.
Missing certificate validation in Apache JMeter
2022-05-1301:49:41
Google
osv.dev
10
0.004 Low
EPSS
Percentile
73.5%
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
References
mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E
bz.apache.org/bugzilla/show_bug.cgi?id=62039
github.com/apache/jmeter
github.com/apache/jmeter/issues/4677
lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b@%3Cissues.jmeter.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2018-1297
Related
osv
osv
CVE-2018-1297
2018-02-13 12:29:00
cve
cve
CVE-2018-1297
2018-02-13 12:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-02-13 12:52:40
ubuntucve
ubuntucve
CVE-2018-1297
2018-02-13 00:00:00
github
github
Missing certificate validation in Apache JMeter
2022-05-13 01:49:41
prion
prion
Code injection
2018-02-13 12:29:00
nvd
nvd
CVE-2018-1297
2018-02-13 12:29:00
pentestit
pentestit
Apache JMeter RMI Code Execution PoC (CVE-2018-1297)
2018-04-06 06:05:50
Drupal (SA-CORE-2019-008) Wordspaces Extension Access Bypass PoC
2019-07-24 23:37:30
cvelist
cvelist
CVE-2018-1297
2018-02-11 00:00:00
debiancve
debiancve
CVE-2018-1297
2018-02-13 12:29:00
