64 matches found
Apache JMeter < 5.1 Unauthenticated Remote Code Execution Vulnerability
One or more versions of Apache JMeter discovered on the remote host is affected by an unauthenticated remote code execution vulnerability which is possible when JMeter is used in distributed mode. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
GHSA-WG37-7MRV-CFWM Unauthenticated Remote Code Execution in Apache JMeter
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
com.github.kulya:jmeter-gradle-plugin (>=1.3.1-2.6 <=1.3.4-2.9), com.lazerycode.jmeter:jmeter-maven-plugin (>=1.4 <=1.8.1) +6 more potentially affected by CVE-2019-0187 via org.apache.jmeter:ApacheJMeter (>=2.6 <=5.0)
org.apache.jmeter:ApacheJMeter MAVEN version =2.6, =1.3.1-2.6, =1.4, =1.0.7-3.0-BETA, =1.0.7-3.0-BETA, =6.3.0, =6.2.0, =6.6.0 Source cves: CVE-2019-0187 Source advisory: OSV:GHSA-WG37-7MRV-CFWM...
Unauthenticated Remote Code Execution in Apache JMeter
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
CVE-2019-0187
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
CVE-2019-0187
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
Deserialization of untrusted data
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
CVE-2019-0187
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
UBUNTU-CVE-2019-0187
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
DEBIAN-CVE-2019-0187
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
CVE-2019-0187
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
CVE-2019-0187
Unauthenticated RCE is possible when JMeter is used in distributed mode -r or -R command line options. Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...
CVE-2019-0187
Apache JMeter in distributed mode (-r/-R) is affected by CVE-2019-0187, enabling unauthenticated remote code execution via a RemoteJMeterEngine over RMI using untrusted data deserialization. The issue is limited to tests running in Distributed mode; pre-4.0 versions do not encrypt traffic between...
Remote Code Execution (RCE)
ApacheJMetercore is vulnerable to remote code execution RCE. The vulnerability exists due to a lack of client authentication when Apache JMeter is configured in a distributed mode, allowing an attacker to perform arbitrary deserialization of untrusted data which will lead to arbitrary code...
Apache Jmeter Remote Code Execution Vulnerability
Apache Jmeter is the United States Apache Apache Software Foundation of a set of open source software written in Java language for stress testing and performance testing . A remote code execution vulnerability exists in Apache Jmeter versions 4.0 and 5.0. A remote attacker can exploit this...
au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +635 more potentially affected by CVE-2016-4216 via com.adobe.xmp:xmpcore (>=5.1.0 <=5.1.2)
com.adobe.xmp:xmpcore MAVEN version =5.1.0, =1.0.1, =2.2.2, =2.2.2, =2.2.2, =3.6.1, =3.11.0, =2.0.8, =1.1, =0.3, =0.2, =0.6, =0.8 - com.blazemeter:jmeter-plugins-rotating-listener =0.2 - com.blazemeter:jmeter-plugins-senseuploader =3.5 and more Source cves: CVE-2016-4216 Source advisory:...
biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4) +632 more potentially affected by CVE-2016-4434 via org.apache.tika:tika-core (>=0.4 <=1.12)
org.apache.tika:tika-core MAVEN version =0.4, =4.2.0, =5.6.100, =2.0.6, =1.0.10, =1.0.12, =1.0.8, =0.6, =1.0.8, =1.0.12 and more Source cves: CVE-2016-4434 Source advisory: OSV:GHSA-4XR4-4C65-HJ7F...
LocalTapiola: DoS of www.lahitapiolarahoitus.fi via CVE-2018-6389 exploitation
Description There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...
Apache JMeter RMI Code Execution PoC (CVE-2018-1297)
PenTestIT RSS Feed Recently, I read about a remote code execution RCE vulnerability; CVE-2018-1297, that affects yet another Apache product - JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior...
Apache JMeter Security Bypass Vulnerability
Apache JMeter is the United States Apache Apache Software Foundation of a set of open source software written in Java language for stress testing and performance testing . A security vulnerability exists in Apache JMeter. An attacker can exploit the vulnerability to gain access to JMeterEngine an...