Описание
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
Ссылки
- Mailing ListVendor Advisory
- Issue TrackingVendor Advisory
- Mailing ListVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:jmeter:2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.3:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.3:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.4:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.4:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.4:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5.1:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.6:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.7:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.7:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.7:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.8:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.8:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.9:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.9:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.9:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.10:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.10:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.11:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.11:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.12:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.12:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.13:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.13:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc5:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:rc4:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.2:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.2:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.3:rc1:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.23187
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 8 лет назад
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
CVSS3: 9.8
debian
почти 8 лет назад
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3. ...
CVSS3: 9.8
github
больше 3 лет назад
Missing certificate validation in Apache JMeter
EPSS
Процентиль: 96%
0.23187
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-319