Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Jmeter 代码问题漏洞
Vulnerability Description
Apache Jmeter是美国阿帕奇(Apache)软件基金会的一套使用Java语言编写的用于压力测试和性能测试的开源软件。 Apache Jmeter 4.0版本和5.0版本中存在安全漏洞。远程攻击者可利用该漏洞执行任意的代码/命令。
CVSS Information
N/A
Vulnerability Type
N/A