CVE-2018-1297

EPSS 10.1%

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 10.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Feb 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Affected products

Apache Software Foundation · Apache JMeter

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E https://bz.apache.org/bugzilla/show_bug.cgi?id=62039 https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E