Recently, I read about a remote code execution (RCE) vulnerability; CVE-2018-1297, that affects yet another Apache product - JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance." The CVE Mitre page does not mention a lot of details, mentioning just that - When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could Read more about Apache JMeter RMI Code Execution PoC (CVE-2018-1297)