Unsecured RMI Connection Vulnerability in Apache JMeter 2.x and 3.x

Unsecured RMI Connection Vulnerability in Apache JMeter 2.x and 3.x

CVE-2018-1297 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Learn more about our Cis Benchmark Audit For Apache Http Server.