Preface: If your company hasn't been performing load testing, it is hard to know the web application's actual performance. Once deployed, JMeter displays the test results in a graph that updates in real time.
Synopsis: Software developers perhaps did not imagine that a design weakness in JMeter could be hazardous to the web server. As a result, we might find JMeter functions still active after the services have launched.
Vulnerability detail: Apache JMeter is missing client authentication for the RMI connection when distributed testing is used. An attacker could therefore exploit this vulnerability by establishing a Remote Method Invocation (RMI) connection with a jmeter-server while using the RemoteJMeterEngine interface. This lets the attacker execute arbitrary code on a targeted system.
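A defender-side check for the condition described above (a jmeter-server still running and reachable after launch), given as an added example that is not part of the original post: it joins `ps -eo pid,args` and `ss -H -tlnp` output and lists jmeter-server sockets bound beyond loopback. The sample outputs are constructed, and matching on `ApacheJMeter.jar` with `-s`/`--server` assumes the stock jmeter-server launcher.

```python
import re

# Constructed sample of `ps -eo pid,args` output (not from the page).
SAMPLE_PS = """\
 1201 /usr/sbin/nginx -g daemon off;
 4321 java -server -Xms1g -jar /opt/jmeter/bin/ApacheJMeter.jar -Dserver_port=1099 -s -j jmeter-server.log
 5150 java -jar /opt/app/shop.jar --server.port=8080
"""

# Constructed sample of `ss -H -tlnp` output (not from the page).
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 50 *:1099 *:* users:(("java",pid=4321,fd=45))
LISTEN 0 50 *:40211 *:* users:(("java",pid=4321,fd=47))
LISTEN 0 100 127.0.0.1:8080 0.0.0.0:* users:(("java",pid=5150,fd=12))
"""

LOOPBACK = {"127.0.0.1", "[::1]", "::1", "localhost"}

def jmeter_server_pids(ps_text):
    """PIDs whose command line runs ApacheJMeter.jar in server mode (-s / --server)."""
    pids = set()
    for line in ps_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        args = parts[1:]
        runs_jmeter = any(a.endswith("ApacheJMeter.jar") for a in args)
        if runs_jmeter and ("-s" in args or "--server" in args):
            pids.add(int(parts[0]))
    return pids

def exposed_listeners(ps_text, ss_text):
    """Return sorted (pid, address, port) for jmeter-server sockets bound beyond loopback."""
    pids = jmeter_server_pids(ps_text)
    findings = []
    for line in ss_text.splitlines():
        cols = line.split()
        m = re.search(r"pid=(\d+)", line)
        if len(cols) < 5 or not m or int(m.group(1)) not in pids:
            continue
        # Local address is the 4th column; split host from port at the last colon.
        addr, _, port = cols[3].rpartition(":")
        if addr not in LOOPBACK:
            findings.append((int(m.group(1)), addr, int(port)))
    return sorted(findings)

if __name__ == "__main__":
    for pid, addr, port in exposed_listeners(SAMPLE_PS, SAMPLE_SS):
        print(f"jmeter-server pid {pid} listening on {addr}:{port}")
```

On a live host, `ss -p` needs root to show processes owned by other users; any finding is a listener to stop or firewall once testing is finished.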