CVE-2018-1297

CWE-319Cleartext Transmission6 documents5 sources
Severity
9.8CRITICAL
EPSS
18.0%
top 4.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache JmeterApache Jmeter
Timeline
PublishedFeb 13
Latest updateMay 13

Description

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDapache/jmeter22 versions+21

🔴Vulnerability Details

4
GHSA
Missing certificate validation in Apache JMeter2022-05-13
OSV
Missing certificate validation in Apache JMeter2022-05-13
CVEList
CVE-2018-1297: When using Distributed Test only (RMI based), Apache JMeter 22018-02-13
OSV
CVE-2018-1297: When using Distributed Test only (RMI based), Apache JMeter 22018-02-13

📋Vendor Advisories

1
Debian
CVE-2018-1297: jakarta-jmeter - When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an ...2018