在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
CVE-2019-0187Apache Jmeter 安全漏洞 发布时间:2019-03-02类型:CANstatus:Candidatephase:Assigned 漏洞描述Apache Jmeter是美国阿帕奇(Apache)软件基金会的一套使用Java语言编写的用于压力测试和性能测试的开源软件。 Apache Jmeter 4.0版本和5.0版本中存在安全漏洞。远程攻击者可利用该漏洞执行任意的代码/命令。Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised. |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论