cvelist/2018/1xxx/CVE-2018-1297.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "security@apache.org",
      "DATE_PUBLIC" : "2018-02-11T00:00:00",
      "ID" : "CVE-2018-1297",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "JMeter",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "2.x"
                              },
                              {
                                 "version_value" : "3.x"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Apache Software Foundation"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Unauthorized code access"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "[www-announce] 20180211 CVE-2018-1297: Apache JMeter uses an unsecure RMI connection in Distributed mode",
            "refsource" : "MLIST",
            "url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E"
         },
         {
            "name" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039",
            "refsource" : "CONFIRM",
            "url" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039"
         }
      ]
   }
}
- Synchronized data. 2017-12-07 15:03:50 -05:00			`{`
			`"CVE_data_meta" : {`
- Added submission from Apache JMeter from 2018-02-11. 2018-02-13 06:32:10 -05:00			`"ASSIGNER" : "security@apache.org",`
			`"DATE_PUBLIC" : "2018-02-11T00:00:00",`
- Synchronized data. 2017-12-07 15:03:50 -05:00			`"ID" : "CVE-2018-1297",`
- Added submission from Apache JMeter from 2018-02-11. 2018-02-13 06:32:10 -05:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "JMeter",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "2.x"`
			`},`
			`{`
			`"version_value" : "3.x"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Apache Software Foundation"`
			`}`
			`]`
			`}`
- Synchronized data. 2017-12-07 15:03:50 -05:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Synchronized data. 2018-02-13 07:02:30 -05:00			`"value" : "When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code."`
- Added submission from Apache JMeter from 2018-02-11. 2018-02-13 06:32:10 -05:00			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Unauthorized code access"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[www-announce] 20180211 CVE-2018-1297: Apache JMeter uses an unsecure RMI connection in Distributed mode",`
			`"refsource" : "MLIST",`
- Added submission from Apache JMeter from 2018-02-11. 2018-02-13 06:32:10 -05:00			`"url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E"`
- Synchronized data. 2018-02-13 07:02:30 -05:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2018-02-13 07:02:30 -05:00			`"url" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039"`
- Synchronized data. 2017-12-07 15:03:50 -05:00			`}`
			`]`
			`}`
			`}`