Vulnerabilities > CVE-2018-1287 - Unspecified vulnerability in Apache Jmeter
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | APACHE_JMETER_4.NASL |
description | One or more versions of Apache JMeter discovered on the remote host is affected by a remote code execution vulnerability as a result of insecure RMI registry binding. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 106979 |
published | 2018-02-24 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/106979 |
title | Apache JMeter < 4.0 Insecure RMI Registry Binding |
References
- http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFx1%2Brwz1A%3Dmc7wAgbDHARyj1VrWNg41y9OySuL1mqw%40mail.gmail.com%3E
- http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFx1%2Brwz1A%3Dmc7wAgbDHARyj1VrWNg41y9OySuL1mqw%40mail.gmail.com%3E
- http://www.securityfocus.com/bid/103068
- http://www.securityfocus.com/bid/103068
- https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E
- https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E