4 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-1297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngi...
com.github.kulya:jmeter-gradle-plugin (>=1.3.1-2.6 <=1.3.4-2.9), com.lazerycode.jmeter:jmeter-maven-plugin (>=1.4 <=1.8.1) +4 more potentially affected by CVE-2018-1297 via org.apache.jmeter:ApacheJMeter (>=2.6 <=3.3)
org.apache.jmeter:ApacheJMeter MAVEN version =2.6, =1.3.1-2.6, =1.4, =1.0.7-3.0-BETA, =1.0.7-3.0-BETA, =6.3.0, =6.2.0, =6.6.0 Source cves: CVE-2018-1297 Source advisory: OSV:GHSA-7V85-6HV2-RWGW...
Apache JMeter RMI Code Execution PoC (CVE-2018-1297)
PenTestIT RSS Feed Recently, I read about a remote code execution RCE vulnerability; CVE-2018-1297, that affects yet another Apache product - JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior...
CVE-2018-1297
CVE-2018-1297 affects Apache JMeter (versions 2.x and 3.x) in distributed testing mode using an unsecured RMI connection, allowing remote access to JMeterEngine and potential code execution. Exploitation details are shown in public PoCs (e.g., RMIRegistryExploit with CommonsCollections1) and repo...