CVE Vulnerabilities

CVE-2018-1287

Published: Feb 14, 2018 | Modified: Nov 07, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Affected Software

Name Vendor Start Version End Version
Jmeter Apache 2.1 2.1
Jmeter Apache 2.2 2.2
Jmeter Apache 2.3 2.3
Jmeter Apache 2.3.1 2.3.1
Jmeter Apache 2.3.2 2.3.2
Jmeter Apache 2.3.3 2.3.3
Jmeter Apache 2.3.3 2.3.3
Jmeter Apache 2.3.3 2.3.3
Jmeter Apache 2.3.4 2.3.4
Jmeter Apache 2.3.4 2.3.4
Jmeter Apache 2.3.4 2.3.4
Jmeter Apache 2.3.4 2.3.4
Jmeter Apache 2.4 2.4
Jmeter Apache 2.5 2.5
Jmeter Apache 2.5 2.5
Jmeter Apache 2.5 2.5
Jmeter Apache 2.5 2.5
Jmeter Apache 2.5.1 2.5.1
Jmeter Apache 2.5.1 2.5.1
Jmeter Apache 2.5.1 2.5.1
Jmeter Apache 2.5.1 2.5.1
Jmeter Apache 2.6 2.6
Jmeter Apache 2.6 2.6
Jmeter Apache 2.6 2.6
Jmeter Apache 2.7 2.7
Jmeter Apache 2.7 2.7
Jmeter Apache 2.7 2.7
Jmeter Apache 2.7 2.7
Jmeter Apache 2.8 2.8
Jmeter Apache 2.8 2.8
Jmeter Apache 2.8 2.8
Jmeter Apache 2.9 2.9
Jmeter Apache 2.9 2.9
Jmeter Apache 2.9 2.9
Jmeter Apache 2.9 2.9
Jmeter Apache 2.10 2.10
Jmeter Apache 2.10 2.10
Jmeter Apache 2.11 2.11
Jmeter Apache 2.11 2.11
Jmeter Apache 2.11 2.11
Jmeter Apache 2.12 2.12
Jmeter Apache 2.12 2.12
Jmeter Apache 2.12 2.12
Jmeter Apache 2.13 2.13
Jmeter Apache 2.13 2.13
Jmeter Apache 2.13 2.13
Jmeter Apache 3.0 3.0
Jmeter Apache 3.0 3.0
Jmeter Apache 3.0 3.0
Jmeter Apache 3.0 3.0
Jmeter Apache 3.0 3.0
Jmeter Apache 3.0 3.0
Jmeter Apache 3.1 3.1
Jmeter Apache 3.1 3.1
Jmeter Apache 3.1 3.1
Jmeter Apache 3.1 3.1
Jmeter Apache 3.1 3.1
Jmeter Apache 3.2 3.2
Jmeter Apache 3.2 3.2
Jmeter Apache 3.2 3.2
Jmeter Apache 3.2 3.2
Jmeter Apache 3.3 3.3
Jmeter Apache 3.3 3.3

References