Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-1287

Опубликовано: 14 фев. 2018
Источник: debian
EPSS Низкий

Описание

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jakarta-jmeterunfixedpackage
jakarta-jmeterignoredtrixiepackage
jakarta-jmeterignoredbookwormpackage
jakarta-jmeterno-dsabullseyepackage
jakarta-jmeterno-dsabusterpackage
jakarta-jmeterno-dsastretchpackage
jakarta-jmeterno-dsajessiepackage
jakarta-jmeterno-dsawheezypackage

Примечания

  • https://www.openwall.com/lists/oss-security/2018/02/11/2

  • https://bz.apache.org/bugzilla/show_bug.cgi?id=62039

  • https://github.com/apache/jmeter/issues/4677

EPSS

Процентиль: 83%
0.01876
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-1287

CVSS3: 9.8
ubuntu
почти 8 лет назад

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

nvd логотип

CVE-2018-1287

CVSS3: 9.8
nvd
почти 8 лет назад

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

github логотип

GHSA-j7j7-g4ww-pxg5

CVSS3: 9.8
github
больше 3 лет назад

Missing certificate validation in Apache JMeter

EPSS

Процентиль: 83%
0.01876
Низкий