CVE-2021-21346
- EPSS 3.97%
- Veröffentlicht 23.03.2021 00:15:12
- Zuletzt bearbeitet 23.05.2025 17:41:29
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...
CVE-2019-0187
- EPSS 0.64%
- Veröffentlicht 06.03.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:26
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserializati...
CVE-2018-1287
- EPSS 1.39%
- Veröffentlicht 14.02.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:33
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
CVE-2018-1297
- EPSS 23.19%
- Veröffentlicht 13.02.2018 12:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:34
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.