CVE-2018-1297: Cleartext Transmission of Sensitive Information

February 13, 2018 (updated October 3, 2019)

When using Distributed Test only (RMI based), Apache JMeteranduses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code.

References

bz.apache.org/bugzilla/show_bug.cgi?id=62039
nvd.nist.gov/vuln/detail/CVE-2018-1297

Code Behaviors & Features

Detect and mitigate CVE-2018-1297 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →