[SECURITY] Fedora 40 Update: testng-7.8.0-5.fc40

TestNG is a testing framework inspired from JUnit and NUnit but introducing some new functionality, including flexible test configuration, and distributed test running. It is designed to cover unit tests as well as functional, end-to-end, integration, etc...

K89010078: Apache vulnerabilities CVE-2018-1307, CVE-2018-1298, CVE-2018-1299, CVE-2018-1287, and CVE-2018-1297

Security Advisory Description CVE-2018-1307 In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and...

GHSA-7V85-6HV2-RWGW Missing certificate validation in Apache JMeter

When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

GHSA-J7J7-G4WW-PXG5 Missing certificate validation in Apache JMeter

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. This only affect those running in Distributed mode. In distributed mode, JMeter makes...

Missing certificate validation in Apache JMeter

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. This only affect those running in Distributed mode. In distributed mode, JMeter makes...

Apache JMeter RMI Code Execution PoC (CVE-2018-1297)

PenTestIT RSS Feed Recently, I read about a remote code execution RCE vulnerability; CVE-2018-1297, that affects yet another Apache product - JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior...

Design/Logic Flaw

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

Code injection

When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

UBUNTU-CVE-2018-1297

When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...