CVE-2018-1297

Published: 13/02/2018 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x use an unsecured RMI connection. This could allow a malicious user to get access to JMeterEngine and send unauthorized code.

Vulnerable Product

apache jmeter 2.10

apache jmeter 2.11

apache jmeter 2.12

apache jmeter 2.13

apache jmeter 2.3.3

apache jmeter 2.3.4

apache jmeter 2.5.1

apache jmeter 2.5

apache jmeter 2.6

apache jmeter 2.7

apache jmeter 2.8

apache jmeter 2.9

apache jmeter 3.0

apache jmeter 3.2

apache jmeter 3.3

apache jmeter 3.1

apache jmeter 2.1

apache jmeter 2.2

apache jmeter 2.3

apache jmeter 2.4

apache jmeter 2.3.1

apache jmeter 2.3.2

Vendor Advisories

Debian Bug report logs - #897259 CVE-2018-1297 Package: src:jakarta-jmeter; Maintainer for src:jakarta-jmeter is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Mon, 30 Apr 2018 22:39:02 UTC Severity: important Tags: fixed-upstream, securi ...

Github Repositories

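Jmeter RMI deserialization command execution vulnerability (CVE-2018-1297) Apache JMeter is open-source software from the Apache Software Foundation (USA), written in Java, for stress testing and performance testing. Its 2.x and 3.x versions contain a deserialization vulnerability that an attacker can exploit to execute arbitrary commands on the target server. Vulnerable environment Run the vulnerable environment: docker-compose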

EXP for CVE-2018-1297

CVE-2018-1297 EXP for CVE-2018-1297 PS: you need to download ysoserial by yourself!!! github.com/Al1ex/ysoserial-006-SNAPSHOT-all/releases

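Jmeter RMI deserialization command execution vulnerability (CVE-2018-1297) Apache JMeter is a set of open-source software written in Java by the American Apache Software Foundation for stress testing and performance testing. Versions 2.x and 3.x contain a deserialization vulnerability, and this vulnerability lets an attacker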