CVE-2018-1287 Vulnerability in maven package org.apache.jmeter:apachejmeter

Description

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Remediation

References

http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFx1%2Brwz1A%3Dmc7wAgbDHARyj1VrWNg41y9OySuL1mqw%40mail.gmail.com%3E

http://www.securityfocus.com/bid/103068

https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E

Related Vulnerabilities

CVE-2023-34603 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent

CVE-2014-0119 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2020-5407 Vulnerability in maven package org.springframework.security:spring-security-saml2-service-provider

CVE-2013-2187 Vulnerability in maven package org.apache.archiva:archiva

CVE-2020-11969 Vulnerability in maven package org.apache.tomee:openejb-core

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H