Description
In Apache JMeter 2.X and 3.X, when using Distributed Testing only (RMI based), the JMeter server binds the RMI Registry to the wildcard host. This could allow an attacker to gain access to the JMeterEngine and send unauthorized code.
Remediation
References
http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFx1%2Brwz1A%3Dmc7wAgbDHARyj1VrWNg41y9OySuL1mqw%40mail.gmail.com%3E
http://www.securityfocus.com/bid/103068
https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E