Apache JMeter is vulnerable to remote code execution (RCE). The library binds its RMI connection to a wildcard hostname, so a malicious user who can connect to it can inject and execute arbitrary commands.
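
A defender's check for the condition described above, as an added example that is not part of the original advisory or of JMeter's code: it parses Linux `ss -H -ltn` output and reports listeners bound to a wildcard address on the ports of interest. The sample output is constructed, and the port numbers (1099 as the default RMI registry port, 50000 as a hypothetical fixed port for the exported object) are assumptions; substitute the ports your JMeter servers are configured with.

```python
import ipaddress

# Constructed `ss -H -ltn` output (Linux, no header row); not taken from a real host.
SAMPLE_SS = """\
LISTEN 0 50 *:1099 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 [::]:50000 [::]:*
LISTEN 0 50 192.0.2.10:1099 0.0.0.0:*
LISTEN 0 50 [::ffff:127.0.0.1]:4000 *:*
LISTEN 0 50 127.0.0.1:1099 0.0.0.0:*
"""

def bind_scope(host):
    """Classify a listener's local address as wildcard, loopback or specific."""
    host = host.strip("[]").split("%", 1)[0]   # drop brackets and any %iface suffix
    if host == "*":
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                    # ::ffff:127.0.0.1 -> 127.0.0.1
    if ip.is_unspecified:                      # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"

def parse_listeners(ss_output):
    """Yield (host, port, scope) for each LISTEN row."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        yield host, int(port), bind_scope(host)

def wildcard_listeners(ss_output, ports):
    """Return wildcard-bound listeners on the given ports, sorted by port."""
    hits = [(h, p) for h, p, s in parse_listeners(ss_output)
            if s == "wildcard" and p in ports]
    return sorted(hits, key=lambda hp: hp[1])

if __name__ == "__main__":
    # Assumed ports: 1099 (default RMI registry port) and 50000 (hypothetical
    # fixed port for the exported engine object); use the ones you configured.
    for host, port in wildcard_listeners(SAMPLE_SS, {1099, 50000}):
        print(f"wildcard bind on port {port} ({host}): reachable on every interface")
```

A listener reported here accepts connections on every interface of the host, so it needs either a specific bind address or network filtering in front of it.
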
CPE

Name | Operator | Version |
---|---|---|
apache jmeter core | le | 3.3 |
jmeter | le | 3.1.0.1 |
mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFx1%2Brwz1A%3Dmc7wAgbDHARyj1VrWNg41y9OySuL1mqw%40mail.gmail.com%3E
www.securityfocus.com/bid/103068
bz.apache.org/bugzilla/show_bug.cgi?id=62039
lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b@%3Cissues.jmeter.apache.org%3E