iBearcat/CVE-2018-1297: Apache JMeter RMI deserialization
2018-03-10 22:20:15 Author: github.com

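Description

Apache JMeter is an open-source Java application designed to load test functional behavior and measure performance.

In distributed mode, Apache JMeter uses an insecure RMI connection, which results in a remote command execution vulnerability; an attacker can exploit it to execute arbitrary commands.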

Apache JMeter uses an unsecure RMI connection in Distributed mode

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Vulnerability IDs

CVE-2018-1297

CNVD-2018-03472

Threat level

High

Affected versions

Apache JMeter 2.x

Apache JMeter 3.x

Demo

exploit

Remediation advice

No detailed solution is currently available.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1297

http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g@mail.gmail.com%3E

http://www.cnvd.org.cn/flaw/show/CNVD-2018-03472

https://www.secfree.com/article-734.html


Source: https://github.com/iBearcat/CVE-2018-1297