Lucene search
+L

64 matches found

nessus
nessus
added 2019/03/08 12:0 a.m.28 views

Apache JMeter < 5.1 Unauthenticated Remote Code Execution Vulnerability

One or more versions of Apache JMeter discovered on the remote host is affected by an unauthenticated remote code execution vulnerability which is possible when JMeter is used in distributed mode. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

9.8CVSS9.1AI score0.02709EPSS
Exploits0References2
osv
osv
added 2019/03/07 6:47 p.m.30 views

GHSA-WG37-7MRV-CFWM Unauthenticated Remote Code Execution in Apache JMeter

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS5.9AI score0.02709EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2019/03/07 6:47 p.m.4 views

com.github.kulya:jmeter-gradle-plugin (>=1.3.1-2.6 <=1.3.4-2.9), com.lazerycode.jmeter:jmeter-maven-plugin (>=1.4 <=1.8.1) +6 more potentially affected by CVE-2019-0187 via org.apache.jmeter:ApacheJMeter (>=2.6 <=5.0)

org.apache.jmeter:ApacheJMeter MAVEN version =2.6, =1.3.1-2.6, =1.4, =1.0.7-3.0-BETA, =1.0.7-3.0-BETA, =6.3.0, =6.2.0, =6.6.0 Source cves: CVE-2019-0187 Source advisory: OSV:GHSA-WG37-7MRV-CFWM...

9.8CVSS7.7AI score0.02709EPSS
Exploits0
github
github
added 2019/03/07 6:47 p.m.29 views

Unauthenticated Remote Code Execution in Apache JMeter

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS3AI score0.02709EPSS
Exploits0References4Affected Software1
ubuntucve
ubuntucve
added 2019/03/06 5:29 p.m.24 views

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS7.2AI score0.02709EPSS
Exploits0References3
osv
osv
added 2019/03/06 5:29 p.m.17 views

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS9.4AI score
Exploits0References2
prion
prion
added 2019/03/06 5:29 p.m.12 views

Deserialization of untrusted data

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

7.5CVSS9.4AI score0.02709EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2019/03/06 5:29 p.m.25 views

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS9.5AI score0.02709EPSS
Exploits0References2
osv
osv
added 2019/03/06 5:29 p.m.4 views

UBUNTU-CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS7.3AI score0.02709EPSS
Exploits0References4
osv
osv
added 2019/03/06 5:29 p.m.1 views

DEBIAN-CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS6.9AI score0.02709EPSS
Exploits0References1
debiancve
debiancve
added 2019/03/06 5:0 p.m.53 views

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS9.5AI score0.02709EPSS
Exploits0
cvelist
cvelist
added 2019/03/06 5:0 p.m.31 views

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.5AI score0.02709EPSS
Exploits0References2
cve
cve
added 2019/03/06 5:0 p.m.104 views

CVE-2019-0187

Apache JMeter in distributed mode (-r/-R) is affected by CVE-2019-0187, enabling unauthenticated remote code execution via a RemoteJMeterEngine over RMI using untrusted data deserialization. The issue is limited to tests running in Distributed mode; pre-4.0 versions do not encrypt traffic between...

9.8CVSS9.3AI score0.02709EPSS
Exploits0References2Affected Software1
veracode
veracode
added 2019/03/04 6:19 a.m.21 views

Remote Code Execution (RCE)

ApacheJMetercore is vulnerable to remote code execution RCE. The vulnerability exists due to a lack of client authentication when Apache JMeter is configured in a distributed mode, allowing an attacker to perform arbitrary deserialization of untrusted data which will lead to arbitrary code...

9.8CVSS9.8AI score0.02709EPSS
Exploits0References6Affected Software2
cnvd
cnvd
added 2019/03/04 12:0 a.m.39 views

Apache Jmeter Remote Code Execution Vulnerability

Apache Jmeter is the United States Apache Apache Software Foundation of a set of open source software written in Java language for stress testing and performance testing . A remote code execution vulnerability exists in Apache Jmeter versions 4.0 and 5.0. A remote attacker can exploit this...

9.8CVSS8.5AI score0.02709EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2018/10/19 4:39 p.m.5 views

au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +635 more potentially affected by CVE-2016-4216 via com.adobe.xmp:xmpcore (>=5.1.0 <=5.1.2)

com.adobe.xmp:xmpcore MAVEN version =5.1.0, =1.0.1, =2.2.2, =2.2.2, =2.2.2, =3.6.1, =3.11.0, =2.0.8, =1.1, =0.3, =0.2, =0.6, =0.8 - com.blazemeter:jmeter-plugins-rotating-listener =0.2 - com.blazemeter:jmeter-plugins-senseuploader =3.5 and more Source cves: CVE-2016-4216 Source advisory:...

7.5CVSS7AI score0.03631EPSS
Exploits0
vulnersosv
vulnersosv
added 2018/10/17 3:44 p.m.11 views

biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4) +632 more potentially affected by CVE-2016-4434 via org.apache.tika:tika-core (>=0.4 <=1.12)

org.apache.tika:tika-core MAVEN version =0.4, =4.2.0, =5.6.100, =2.0.6, =1.0.10, =1.0.12, =1.0.8, =0.6, =1.0.8, =1.0.12 and more Source cves: CVE-2016-4434 Source advisory: OSV:GHSA-4XR4-4C65-HJ7F...

7.8CVSS7.2AI score0.03449EPSS
Exploits0
hackerone
hackerone
added 2018/04/09 9:10 p.m.442 views

LocalTapiola: DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation

Description There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...

5CVSS0.2AI score0.73098EPSS
Exploits11
pentestit
pentestit
added 2018/04/06 6:5 a.m.410 views

Apache JMeter RMI Code Execution PoC (CVE-2018-1297)

PenTestIT RSS Feed Recently, I read about a remote code execution RCE vulnerability; CVE-2018-1297, that affects yet another Apache product - JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior...

7.5CVSS9.7AI score0.10096EPSS
Exploits0
cnvd
cnvd
added 2018/02/26 12:0 a.m.5 views

Apache JMeter Security Bypass Vulnerability

Apache JMeter is the United States Apache Apache Software Foundation of a set of open source software written in Java language for stress testing and performance testing . A security vulnerability exists in Apache JMeter. An attacker can exploit the vulnerability to gain access to JMeterEngine an...

9.8CVSS7AI score0.03416EPSS
Exploits0References1
Rows per page
Query Builder