Skip to main content

Jmeter CVE-2018-1287

CRITICAL
2018-02-14 security@apache.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 14, 2018 - 14:29 nvd
CRITICAL 9.8

DescriptionNVD

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

AnalysisAI

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. Affected products include: Apache Jmeter.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Jmeter

View all
CVE-2021-21345 CRITICAL POC
9.9 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerabi

CVE-2021-21350 CRITICAL POC
9.8 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-21347 CRITICAL POC
9.8 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-21346 CRITICAL POC
9.8 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-21344 CRITICAL POC
9.8 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-21351 CRITICAL POC
9.1 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerabi

CVE-2021-21342 CRITICAL POC
9.1 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerabi

CVE-2021-21349 HIGH POC
8.6 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 8.6), this vulnerability

CVE-2021-21343 HIGH POC
7.5 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability

CVE-2021-21341 HIGH POC
7.5 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability

CVE-2019-0187 CRITICAL
9.8 Mar 06

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Rated critical

CVE-2018-1297 CRITICAL
9.8 Feb 13

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. Rated critical

Share

CVE-2018-1287 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy