PT-2018-11503 · Apache · Apache JMeter
Published: 2018-02-13 · Updated: 2022-05-13 · CVE-2018-1297
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache JMeter versions 2.x through 3.x
Description
The issue concerns an unsecured RMI connection used by Apache JMeter when Distributed Test is enabled. This could potentially allow an attacker to access JMeterEngine and send unauthorized code.
Recommendations
For Apache JMeter versions 2.x through 3.x, consider securing the RMI connection to prevent unauthorized access. As a temporary workaround, restrict the use of Distributed Test mode until a secure connection can be established.
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Apache JMeter
Debian