Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2018-1287
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
| Software | From | Fixed in |
|---|---|---|
| apache / jmeter | 2.10-rc1 | 2.10-rc1.x |
| apache / jmeter | 2.10-rc2 | 2.10-rc2.x |
| apache / jmeter | 2.11-rc1 | 2.11-rc1.x |
| apache / jmeter | 2.11-rc2 | 2.11-rc2.x |
| apache / jmeter | 2.12-rc1 | 2.12-rc1.x |
| apache / jmeter | 2.12-rc2 | 2.12-rc2.x |
| apache / jmeter | 2.13-rc1 | 2.13-rc1.x |
| apache / jmeter | 2.13-rc2 | 2.13-rc2.x |
| apache / jmeter | 2.3.3-rc1 | 2.3.3-rc1.x |
| apache / jmeter | 2.3.3-rc2 | 2.3.3-rc2.x |
| apache / jmeter | 2.3.4-rc1 | 2.3.4-rc1.x |
| apache / jmeter | 2.3.4-rc2 | 2.3.4-rc2.x |
| apache / jmeter | 2.3.4-rc3 | 2.3.4-rc3.x |
| apache / jmeter | 2.5.1-rc1 | 2.5.1-rc1.x |
| apache / jmeter | 2.5.1-rc2 | 2.5.1-rc2.x |
| apache / jmeter | 2.5.1-rc3 | 2.5.1-rc3.x |
| apache / jmeter | 2.5-rc1 | 2.5-rc1.x |
| apache / jmeter | 2.5-rc2 | 2.5-rc2.x |
| apache / jmeter | 2.5-rc3 | 2.5-rc3.x |
| apache / jmeter | 2.6-rc1 | 2.6-rc1.x |
| apache / jmeter | 2.6-rc2 | 2.6-rc2.x |
| apache / jmeter | 2.7-rc1 | 2.7-rc1.x |
| apache / jmeter | 2.7-rc2 | 2.7-rc2.x |
| apache / jmeter | 2.7-rc3 | 2.7-rc3.x |
| apache / jmeter | 2.8-rc1 | 2.8-rc1.x |
| apache / jmeter | 2.8-rc2 | 2.8-rc2.x |
| apache / jmeter | 2.9-rc1 | 2.9-rc1.x |
| apache / jmeter | 2.9-rc2 | 2.9-rc2.x |
| apache / jmeter | 2.9-rc3 | 2.9-rc3.x |
| apache / jmeter | 3.0-rc1 | 3.0-rc1.x |
| apache / jmeter | 3.0-rc2 | 3.0-rc2.x |
| apache / jmeter | 3.0-rc3 | 3.0-rc3.x |
| apache / jmeter | 3.0-rc4 | 3.0-rc4.x |
| apache / jmeter | 3.0-rc5 | 3.0-rc5.x |
| apache / jmeter | 3.2-rc1 | 3.2-rc1.x |
| apache / jmeter | 3.2-rc2 | 3.2-rc2.x |
| apache / jmeter | 3.2-rc3 | 3.2-rc3.x |
| apache / jmeter | 3.3-rc1 | 3.3-rc1.x |
| apache / jmeter | 3.1-rc1 | 3.1-rc1.x |
| apache / jmeter | 3.1-rc2 | 3.1-rc2.x |
| apache / jmeter | 3.1-rc3 | 3.1-rc3.x |
| apache / jmeter | 3.1-rc4 | 3.1-rc4.x |
| apache / jmeter | 3.3 | 3.3.x |
| apache / jmeter | 2.1 | 2.1.x |
| apache / jmeter | 2.11 | 2.11.x |
| apache / jmeter | 2.12 | 2.12.x |
| apache / jmeter | 2.13 | 2.13.x |
| apache / jmeter | 2.2 | 2.2.x |
| apache / jmeter | 2.3 | 2.3.x |
| apache / jmeter | 2.4 | 2.4.x |
| apache / jmeter | 2.5 | 2.5.x |
| apache / jmeter | 2.6 | 2.6.x |
| apache / jmeter | 2.7 | 2.7.x |
| apache / jmeter | 2.8 | 2.8.x |
| apache / jmeter | 2.9 | 2.9.x |
| apache / jmeter | 3.0 | 3.0.x |
| apache / jmeter | 3.1 | 3.1.x |
| apache / jmeter | 3.2 | 3.2.x |
| apache / jmeter | 2.3.1 | 2.3.1.x |
| apache / jmeter | 2.3.2 | 2.3.2.x |
| apache / jmeter | 2.3.3 | 2.3.3.x |
| apache / jmeter | 2.3.4 | 2.3.4.x |
| apache / jmeter | 2.5.1 | 2.5.1.x |
org.apache.jmeter / ApacheJMeter
|
- | 4.0 |
- http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFx1%2Brwz1A%3Dmc7wAgbDHARyj1VrWNg41y9OySuL1mqw%40mail.gmail.com%3E
- http://www.securityfocus.com/bid/103068
- https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
- https://github.com/apache/jmeter/issues/4677
- https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b@%3Cissues.jmeter.apache.org%3E
- https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b%40%3Cissues.jmeter.apache.org%3E