CVE-2018-1297

CVSS v3.0 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.39 % (74^th)

Affected Products 1

Advisories 1

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Weaknesses

CWE-319: Cleartext Transmission of Sensitive Information

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2018-02-13 12:29:00
(6 years ago)
Updated Date: 2023-11-07 02:55:55
(10 months ago)

Affected Products

Apache

Jmeter

Configuration #1

		CPE23	From	Up To
	Apache Jmeter 2.1	cpe:2.3:a:apache:jmeter:2.1
	Apache Jmeter 2.2	cpe:2.3:a:apache:jmeter:2.2
	Apache Jmeter 2.3	cpe:2.3:a:apache:jmeter:2.3
	Apache Jmeter 2.3.1	cpe:2.3:a:apache:jmeter:2.3.1
	Apache Jmeter 2.3.2	cpe:2.3:a:apache:jmeter:2.3.2
	Apache Jmeter 2.3.3	cpe:2.3:a:apache:jmeter:2.3.3
	Apache Jmeter 2.3.3 Rc1	cpe:2.3:a:apache:jmeter:2.3.3:rc1
	Apache Jmeter 2.3.3 Rc2	cpe:2.3:a:apache:jmeter:2.3.3:rc2
	Apache Jmeter 2.3.4	cpe:2.3:a:apache:jmeter:2.3.4
	Apache Jmeter 2.3.4 Rc1	cpe:2.3:a:apache:jmeter:2.3.4:rc1
	Apache Jmeter 2.3.4 Rc2	cpe:2.3:a:apache:jmeter:2.3.4:rc2
	Apache Jmeter 2.3.4 Rc3	cpe:2.3:a:apache:jmeter:2.3.4:rc3
	Apache Jmeter 2.4	cpe:2.3:a:apache:jmeter:2.4
	Apache Jmeter 2.5	cpe:2.3:a:apache:jmeter:2.5
	Apache Jmeter 2.5 Rc1	cpe:2.3:a:apache:jmeter:2.5:rc1
	Apache Jmeter 2.5 Rc2	cpe:2.3:a:apache:jmeter:2.5:rc2
	Apache Jmeter 2.5 Rc3	cpe:2.3:a:apache:jmeter:2.5:rc3
	Apache Jmeter 2.5.1	cpe:2.3:a:apache:jmeter:2.5.1
	Apache Jmeter 2.5.1 Rc1	cpe:2.3:a:apache:jmeter:2.5.1:rc1
	Apache Jmeter 2.5.1 Rc2	cpe:2.3:a:apache:jmeter:2.5.1:rc2
	Apache Jmeter 2.5.1 Rc3	cpe:2.3:a:apache:jmeter:2.5.1:rc3
	Apache Jmeter 2.6	cpe:2.3:a:apache:jmeter:2.6
	Apache Jmeter 2.6 Rc1	cpe:2.3:a:apache:jmeter:2.6:rc1
	Apache Jmeter 2.6 Rc2	cpe:2.3:a:apache:jmeter:2.6:rc2
	Apache Jmeter 2.7	cpe:2.3:a:apache:jmeter:2.7
	Apache Jmeter 2.7 Rc1	cpe:2.3:a:apache:jmeter:2.7:rc1
	Apache Jmeter 2.7 Rc2	cpe:2.3:a:apache:jmeter:2.7:rc2
	Apache Jmeter 2.7 Rc3	cpe:2.3:a:apache:jmeter:2.7:rc3
	Apache Jmeter 2.8	cpe:2.3:a:apache:jmeter:2.8
	Apache Jmeter 2.8 Rc1	cpe:2.3:a:apache:jmeter:2.8:rc1
	Apache Jmeter 2.8 Rc2	cpe:2.3:a:apache:jmeter:2.8:rc2
	Apache Jmeter 2.9	cpe:2.3:a:apache:jmeter:2.9
	Apache Jmeter 2.9 Rc1	cpe:2.3:a:apache:jmeter:2.9:rc1
	Apache Jmeter 2.9 Rc2	cpe:2.3:a:apache:jmeter:2.9:rc2
	Apache Jmeter 2.9 Rc3	cpe:2.3:a:apache:jmeter:2.9:rc3
	Apache Jmeter 2.10 Rc1	cpe:2.3:a:apache:jmeter:2.10:rc1
	Apache Jmeter 2.10 Rc2	cpe:2.3:a:apache:jmeter:2.10:rc2
	Apache Jmeter 2.11	cpe:2.3:a:apache:jmeter:2.11
	Apache Jmeter 2.11 Rc1	cpe:2.3:a:apache:jmeter:2.11:rc1
	Apache Jmeter 2.11 Rc2	cpe:2.3:a:apache:jmeter:2.11:rc2
	Apache Jmeter 2.12	cpe:2.3:a:apache:jmeter:2.12
	Apache Jmeter 2.12 Rc1	cpe:2.3:a:apache:jmeter:2.12:rc1
	Apache Jmeter 2.12 Rc2	cpe:2.3:a:apache:jmeter:2.12:rc2
	Apache Jmeter 2.13	cpe:2.3:a:apache:jmeter:2.13
	Apache Jmeter 2.13 Rc1	cpe:2.3:a:apache:jmeter:2.13:rc1
	Apache Jmeter 2.13 Rc2	cpe:2.3:a:apache:jmeter:2.13:rc2
	Apache Jmeter 3.0	cpe:2.3:a:apache:jmeter:3.0
	Apache Jmeter 3.0 Rc1	cpe:2.3:a:apache:jmeter:3.0:rc1
	Apache Jmeter 3.0 Rc2	cpe:2.3:a:apache:jmeter:3.0:rc2
	Apache Jmeter 3.0 Rc3	cpe:2.3:a:apache:jmeter:3.0:rc3
	Apache Jmeter 3.0 Rc4	cpe:2.3:a:apache:jmeter:3.0:rc4
	Apache Jmeter 3.0 Rc5	cpe:2.3:a:apache:jmeter:3.0:rc5
	Apache Jmeter 3.1	cpe:2.3:a:apache:jmeter:3.1
	Apache Jmeter 3.1 Rc1	cpe:2.3:a:apache:jmeter:3.1:rc1
	Apache Jmeter 3.1 Rc2	cpe:2.3:a:apache:jmeter:3.1:rc2
	Apache Jmeter 3.1 Rc3	cpe:2.3:a:apache:jmeter:3.1:rc3
	Apache Jmeter 3.1 Rc4	cpe:2.3:a:apache:jmeter:3.1:rc4
	Apache Jmeter 3.2	cpe:2.3:a:apache:jmeter:3.2
	Apache Jmeter 3.2 Rc1	cpe:2.3:a:apache:jmeter:3.2:rc1
	Apache Jmeter 3.2 Rc2	cpe:2.3:a:apache:jmeter:3.2:rc2
	Apache Jmeter 3.2 Rc3	cpe:2.3:a:apache:jmeter:3.2:rc3
	Apache Jmeter 3.3	cpe:2.3:a:apache:jmeter:3.3
	Apache Jmeter 3.3 Rc1	cpe:2.3:a:apache:jmeter:3.3:rc1