Lucene search

K
ApacheJmeter

14 matches found

CVE
CVE
added 2021/03/23 12:15 a.m.411 views

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of serv...

7.5CVSS8.5AI score0.26466EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.409 views

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on thes...

9.1CVSS7.3AI score0.01024EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.407 views

CVE-2021-21343

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on thes...

7.5CVSS7.1AI score0.00702EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.359 views

CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8AI score0.22693EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.358 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the r...

9.1CVSS8.1AI score0.90494EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.334 views

CVE-2021-21346

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8.3AI score0.02965EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.333 views

CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who foll...

9.9CVSS7.8AI score0.85307EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.323 views

CVE-2021-21347

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8.3AI score0.02196EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.320 views

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affe...

8.6CVSS7.8AI score0.04076EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.317 views

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup...

9.8CVSS8AI score0.05729EPSS
CVE
CVE
added 2021/03/23 12:15 a.m.305 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup X...

7.8CVSS7.2AI score0.00199EPSS
CVE
CVE
added 2018/02/13 12:29 p.m.80 views

CVE-2018-1297

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

9.8CVSS9.2AI score0.24073EPSS
CVE
CVE
added 2019/03/06 5:29 p.m.78 views

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS9.3AI score0.0048EPSS
CVE
CVE
added 2018/02/14 2:29 p.m.77 views

CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

9.8CVSS9.2AI score0.01975EPSS