CVE-2018-1297 Vulnerability in maven package org.apache.jmeter:apachejmeter

Description

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Remediation

References

http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E

https://bz.apache.org/bugzilla/show_bug.cgi?id=62039

https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E

Related Vulnerabilities

CVE-2023-30519 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger

CVE-2022-43422 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-utilities

CVE-2020-9492 Vulnerability in maven package org.apache.hadoop:hadoop-hdfs-client

CVE-2023-28668 Vulnerability in maven package org.jenkins-ci.plugins:role-strategy

CVE-2020-28052 Vulnerability in maven package bouncycastle:bcprov-jdk14

Severity

Critical

Classification

CWE-319 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H