Vulnerabilities > CVE-2018-1287 - Unspecified vulnerability in Apache Jmeter

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

apache

critical

nessus

NVD

Published: 2018-02-14

Updated: 2023-11-07

Summary

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Jmeter 2.10 Apache Jmeter 2.11 Apache Jmeter 2.12 Apache Jmeter 2.13 Apache Jmeter 2.3.3 Apache Jmeter 2.3.4 Apache Jmeter 2.5.1 Apache Jmeter 2.5 Apache Jmeter 2.6 Apache Jmeter 2.7 Apache Jmeter 2.8 Apache Jmeter 2.9 Apache Jmeter 3.0 Apache Jmeter 3.2 Apache Jmeter 3.3 Apache Jmeter 3.1 Apache Jmeter 2.1 Apache Jmeter 2.2 Apache Jmeter 2.3 Apache Jmeter 2.4 Apache Jmeter 2.3.1 Apache Jmeter 2.3.2	63

Nessus

NASL family	Windows
NASL id	APACHE_JMETER_4.NASL
description	One or more versions of Apache JMeter discovered on the remote host is affected by a remote code execution vulnerability as a result of insecure RMI registry binding.
last seen	2020-06-01
modified	2020-06-02
plugin id	106979
published	2018-02-24
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106979
title	Apache JMeter < 4.0 Insecure RMI Registry Binding

Summary

Vulnerable Configurations

Nessus

References