PT-2018-11503 · Apache+1 · Apache Jmeter+1
Published: 2018-02-13 · Updated: 2022-05-13 ·
CVE-2018-1297
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache JMeter versions 2.x through 3.x
Description
The issue concerns an unsecured RMI connection used by Apache JMeter when Distributed Test is enabled. This could potentially allow an attacker to access JMeterEngine and send unauthorized code.
Recommendations
For Apache JMeter versions 2.x through 3.x, consider securing the RMI connection to prevent unauthorized access. As a temporary workaround, restrict the use of Distributed Test mode until a secure connection can be established.
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Apache Jmeter
Debian