Published: 13/02/2018 Updated: 09/06/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x use an unsecured RMI connection. This could allow a malicious user to get access to JMeterEngine and send unauthorized code.

Affected Products

Vendor | Product | Versions
Apache | Jmeter | 2.1, 2.2, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4, 2.5, 2.5.1, 2.6, 2.7, 2.8, 2.9, 2.10, 2.11, 2.12, 2.13, 3.0, 3.1, 3.2, 3.3

Vendor Advisories

Debian Bug report logs - #897259: CVE-2018-1297. Package: src:jakarta-jmeter; Maintainer for src:jakarta-jmeter is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 30 Apr 2018 22:39:02 UTC; Severity: important; Tags: fixed-upstream, securi ...

Github Repositories

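Apache Jmeter deserialization. Description: Apache Jmeter is an open-source Java application designed to load test functional behavior and measure performance. In distributed mode, Apache JMeter uses an insecure RMI connection, which results in a remote command execution vulnerability that attackers can exploit to execute arbitrary commands. Apache JMeter uses an unsecure RMI connection in Distributed mode When using Distributed Test only (RMI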

Twitter: @Hktalent3135773. See Pro online at 51pwn.com or exploit-poc.com. Penetration tools dependencies (Command: Description): kali linux: recommend system; node js: program runtime; javac, java: auto generate payload; metasploit: auto generate payload, and autoexploit; gcc: auto generate payload; tmux: auto background send payload, shell
