CVE-2018-1297 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
apache	jmeter	2.1
apache	jmeter	2.2
apache	jmeter	2.3
apache	jmeter	2.3.1
apache	jmeter	2.3.2
apache	jmeter	2.3.3
apache	jmeter	2.3.3:rc1
apache	jmeter	2.3.3:rc2
apache	jmeter	2.3.4
apache	jmeter	2.3.4:rc1
apache	jmeter	2.3.4:rc2
apache	jmeter	2.3.4:rc3
apache	jmeter	2.4
apache	jmeter	2.5
apache	jmeter	2.5:rc1
apache	jmeter	2.5:rc2
apache	jmeter	2.5:rc3
apache	jmeter	2.5.1
apache	jmeter	2.5.1:rc1
apache	jmeter	2.5.1:rc2
apache	jmeter	2.5.1:rc3
apache	jmeter	2.6
apache	jmeter	2.6:rc1
apache	jmeter	2.6:rc2
apache	jmeter	2.7
apache	jmeter	2.7:rc1
apache	jmeter	2.7:rc2
apache	jmeter	2.7:rc3
apache	jmeter	2.8
apache	jmeter	2.8:rc1
apache	jmeter	2.8:rc2
apache	jmeter	2.9
apache	jmeter	2.9:rc1
apache	jmeter	2.9:rc2
apache	jmeter	2.9:rc3
apache	jmeter	2.10:rc1
apache	jmeter	2.10:rc2
apache	jmeter	2.11
apache	jmeter	2.11:rc1
apache	jmeter	2.11:rc2
apache	jmeter	2.12
apache	jmeter	2.12:rc1
apache	jmeter	2.12:rc2
apache	jmeter	2.13
apache	jmeter	2.13:rc1
apache	jmeter	2.13:rc2
apache	jmeter	3.0
apache	jmeter	3.0:rc1
apache	jmeter	3.0:rc2
apache	jmeter	3.0:rc3
apache	jmeter	3.0:rc4
apache	jmeter	3.0:rc5
apache	jmeter	3.1
apache	jmeter	3.1:rc1
apache	jmeter	3.1:rc2
apache	jmeter	3.1:rc3
apache	jmeter	3.1:rc4
apache	jmeter	3.2
apache	jmeter	3.2:rc1
apache	jmeter	3.2:rc2
apache	jmeter	3.2:rc3
apache	jmeter	3.3
apache	jmeter	3.3:rc1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

jakarta-jmeter

bookworm	ignored
bullseye	ignored
buster	ignored
jessie	ignored
sid	vulnerable
stretch	ignored
wheezy	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

jakarta-jmeter

artful	ignored
bionic	needs-triage
cosmic	ignored
disco	ignored
eoan	ignored
focal	needs-triage
groovy	ignored
hirsute	ignored
impish	ignored
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	dne
xenial	needs-triage

Common Weakness Enumeration

CWE-319 - Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E

https://bz.apache.org/bugzilla/show_bug.cgi?id=62039

https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E

http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E

https://bz.apache.org/bugzilla/show_bug.cgi?id=62039

https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E