PenTestIT

Your source for all things Information Security!

Apache JMeter RMI Code Execution PoC (CVE-2018-1297)

Posted: 3 weeks ago by @pentestit 2385 views
Updated: April 10, 2018 at 3:49 am

Recently, I read about a remote code execution (RCE) vulnerability, CVE-2018-1297, that affects yet another Apache product: JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance." The CVE Mitre page does not give many details, stating only: "When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could …"
