{"url":"http://public2.vulnerablecode.io/api/packages/55027?format=json","purl":"pkg:maven/org.apache.jmeter/ApacheJMeter@2.4","type":"maven","namespace":"org.apache.jmeter","name":"ApacheJMeter","version":"2.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.1","latest_non_vulnerable_version":"5.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39393?format=json","vulnerability_id":"VCID-9xz8-znea-wufj","summary":"Cleartext Transmission of Sensitive Information\nWhen using Distributed Test only (RMI based), Apache `JMeteranduses` an unsecured RMI connection. This could allow an attacker to get access to `JMeterEngine` and send unauthorized code.","references":[{"reference_url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=62039","reference_id":"","reference_type":"","scores":[],"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=62039"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1297","reference_id":"CVE-2018-1297","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1297"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55033?format=json","purl":"pkg:maven/org.apache.jmeter/ApacheJMeter@4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p614-njfn-m7ak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jmeter/ApacheJMeter@4.0"}],"aliases":["CVE-2018-1297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xz8-znea-wufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39396?format=json","vulnerability_id":"VCID-xumm-un1w-wkcu","summary":"Improper Access Control\nWhen using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to `JMeterEngine` and send unauthorized code.","references":[{"reference_url":"http://www.securityfocus.com/bid/103068","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103068"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1287","reference_id":"CVE-2018-1287","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1287"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55033?format=json","purl":"pkg:maven/org.apache.jmeter/ApacheJMeter@4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p614-njfn-m7ak"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jmeter/ApacheJMeter@4.0"}],"aliases":["CVE-2018-1287"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xumm-un1w-wkcu"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jmeter/ApacheJMeter@2.4"}