Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1287

Опубликовано: 14 фев. 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:jmeter:2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.3:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.3:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.4:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.4:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.3.4:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.5.1:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.6:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.7:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.7:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.7:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.8:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.8:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.9:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.9:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.9:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.10:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.10:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.11:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.11:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.12:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.12:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.13:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:2.13:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.0:rc5:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.1:rc4:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.2:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.2:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:jmeter:3.3:rc1:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.01389
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2018-1287

CVSS3: 9.8
ubuntu
почти 8 лет назад

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

debian логотип

CVE-2018-1287

CVSS3: 9.8
debian
почти 8 лет назад

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ba ...

github логотип

GHSA-j7j7-g4ww-pxg5

CVSS3: 9.8
github
больше 3 лет назад

Missing certificate validation in Apache JMeter

EPSS

Процентиль: 80%
0.01389
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo