{ "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-02-11T00:00:00", "ID": "CVE-2018-1297", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache JMeter", "version": { "version_data": [ { "version_value": "2.x" }, { "version_value": "3.x" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unauthorized code access" } ] } ] }, "references": { "reference_data": [ { "name": "[www-announce] 20180211 CVE-2018-1297: Apache JMeter uses an unsecure RMI connection in Distributed mode", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E" }, { "name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039", "refsource": "CONFIRM", "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039" }, { "refsource": "MLIST", "name": "[jmeter-issues] 20190609 [Bug 62039] [CVE-2018-1287 & CVE-2018-1297] Distributed testing : Secure RMI connection by SSL and certificate and bind to host defined \"java.rmi.server.hostname\" system property", "url": "https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b@%3Cissues.jmeter.apache.org%3E" } ] } }