CVE-2018-1287 — CRITICAL (9.8)

Vulnerability Description

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Jmeter	2.1

References

http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFxMitigationVendor Advisory
http://www.securityfocus.com/bid/103068Third Party AdvisoryVDB Entry
https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1
http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFxMitigationVendor Advisory
http://www.securityfocus.com/bid/103068Third Party AdvisoryVDB Entry
https://lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1

FAQ

What is CVE-2018-1287?

CVE-2018-1287 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unaut...

How severe is CVE-2018-1287?

CVE-2018-1287 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-1287?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Jmeter.