CVE-2018-1287
Published: 14 February 2018
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
Priority
Status
Package | Release | Status |
---|---|---|
jakarta-jmeter Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
hirsute |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
xenial |
Needs triage
|
|
artful |
Ignored
(end of life)
|
|
bionic |
Needs triage
|
|
cosmic |
Ignored
(end of life)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
mantic |
Needs triage
|
|
lunar |
Ignored
(end of life, was needs-triage)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |