Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-0187

Опубликовано: 06 мар. 2019
Источник: debian
EPSS Низкий

Описание

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jakarta-jmeterunfixedpackage
jakarta-jmeterno-dsatrixiepackage
jakarta-jmeterno-dsabookwormpackage
jakarta-jmeterno-dsabullseyepackage
jakarta-jmeterno-dsabusterpackage
jakarta-jmeterno-dsastretchpackage
jakarta-jmeterno-dsajessiepackage

Примечания

  • https://bz.apache.org/bugzilla/show_bug.cgi?id=62743

  • http://svn.apache.org/viewvc?rev=1841383&view=rev

  • https://github.com/apache/jmeter/issues/4866

EPSS

Процентиль: 70%
0.00635
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-0187

CVSS3: 9.8
ubuntu
почти 7 лет назад

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised.

nvd логотип

CVE-2019-0187

CVSS3: 9.8
nvd
почти 7 лет назад

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised.

github логотип

GHSA-wg37-7mrv-cfwm

CVSS3: 9.8
github
почти 7 лет назад

Unauthenticated Remote Code Execution in Apache JMeter

EPSS

Процентиль: 70%
0.00635
Низкий