EUVD-2022-4306
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-1287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), the jmeter server binds the RMI Registry to a wildcard host. This could allow an attacker to get...
GHSA-7V85-6HV2-RWGW Missing certificate validation in Apache JMeter
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code...
Missing certificate validation in Apache JMeter
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code...
com.github.kulya:jmeter-gradle-plugin (>=1.3.1-2.6 <=1.3.4-2.13), com.lazerycode.jmeter:jmeter-maven-plugin (>=1.4 <=1.10.1) +7 more potentially affected by CVE-2018-1287 via org.apache.jmeter:ApacheJMeter (>=2.10 <=3.3)
org.apache.jmeter:ApacheJMeter MAVEN version =2.10, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.0.0-2.13, =0.6.2beta3-2.13, =0.6.2beta3-2.13, =6.3.0, =6.2.0, =6.10.0 Source cves: CVE-2018-1287 Source advisory: OSV:GHSA-J7J7-G4WW-PXG5...
GHSA-J7J7-G4WW-PXG5 Missing certificate validation in Apache JMeter
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), the jmeter server binds the RMI Registry to a wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code. This only affects those running in Distributed mode. In distributed mode, JMeter makes...
Missing certificate validation in Apache JMeter
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), the jmeter server binds the RMI Registry to a wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code. This only affects those running in Distributed mode. In distributed mode, JMeter makes...
Sifchain: Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation
There is a possibility in the /wp-admin/load-scripts.php script to generate a large (3Mb) amount of data via a simple non-authenticated request to the server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details: A detailed attack scenario is described, for example, here:...
GHSA-WG37-7MRV-CFWM Unauthenticated Remote Code Execution in Apache JMeter
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in Distributed...
Unauthenticated Remote Code Execution in Apache JMeter
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in Distributed...
com.github.kulya:jmeter-gradle-plugin (>=1.3.1-2.6 <=1.3.4-2.13), com.lazerycode.jmeter:jmeter-maven-plugin (>=1.4 <=1.10.1) +9 more potentially affected by CVE-2019-0187 via org.apache.jmeter:ApacheJMeter (>=2.10 <=5.0)
org.apache.jmeter:ApacheJMeter MAVEN version =2.10, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.0.0-2.13, =0.6.2beta3-2.13, =0.6.2beta3-2.13, =6.3.0, =6.2.0, =6.10.0 Source cves: CVE-2019-0187 Source advisory: OSV:GHSA-WG37-7MRV-CFWM...
Remote Code Execution (RCE)
ApacheJMeter_core is vulnerable to remote code execution (RCE). The vulnerability exists due to a lack of client authentication when Apache JMeter is configured in distributed mode, allowing an attacker to perform arbitrary deserialization of untrusted data which will lead to arbitrary code...
Apache JMeter Remote Code Execution Vulnerability
Apache JMeter is a set of open source software from the Apache Software Foundation (United States), written in the Java language, for stress testing and performance testing. A remote code execution vulnerability exists in Apache JMeter versions 4.0 and 5.0. A remote attacker can exploit this...
LocalTapiola: DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation
Description: There is a possibility in the /wp-admin/load-scripts.php script to generate a large (3Mb) amount of data via a simple non-authenticated request to the server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details: A detailed attack scenario is described, for example, here:...
Apache JMeter RMI Code Execution PoC (CVE-2018-1297)
Recently, I read about a remote code execution (RCE) vulnerability, CVE-2018-1297, that affects yet another Apache product - JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior...
Apache JMeter Security Bypass Vulnerability
Apache JMeter is a set of open source software from the Apache Software Foundation (United States), written in the Java language, for stress testing and performance testing. A security vulnerability exists in Apache JMeter. An attacker can exploit the vulnerability to gain access to JMeterEngine an...
Apache JMeter Detection
Binary data apachejmeterdetectwin.nbin...
Apache JMeter < 4.0 Insecure RMI Registry Binding
One or more versions of Apache JMeter discovered on the remote host are affected by a remote code execution vulnerability as a result of insecure RMI registry binding...
Apache JMeter uses an unsecure RMI connection in Distributed mode
Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: JMeter 2.X, 3.X. Description: When using Distributed Test only (RMI based), jmeter uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code. This only affect...
Remote Code Execution (RCE)
Apache JMeter is vulnerable to remote code execution (RCE) attacks. The library binds the RMI connection to a wildcard hostname, allowing a malicious user to inject and execute arbitrary commands through it by connecting to it...