CVE-2018-1297

Summary

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache JMeter2.xaffected
Apache Software FoundationApache JMeter3.xaffected

Weaknesses

  • Unauthorized code access

ADP Enrichment

CVE Program Container

Additional References

References