Lucene search
Veracode Vulnerability DatabaseVERACODE:5817HistoryFeb 15, 2018 - 3:23 a.m.
Remote Code Execution (RCE)
2018-02-1503:23:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
56.2%
Apache JMeter is vulnerable to remote code execution (RCE) attacks. The library binds the RMI connection to a wildcard hostname, allowing a malicious user to inject and execute arbitrary commands through it by connecting to it.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache jmeter core | le | 3.3 | |
| jmeter | le | 3.1.0.1 |
References
mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpYsFx1%2Brwz1A%3Dmc7wAgbDHARyj1VrWNg41y9OySuL1mqw%40mail.gmail.com%3E
www.securityfocus.com/bid/103068
bz.apache.org/bugzilla/show_bug.cgi?id=62039
lists.apache.org/thread.html/31e0adbeca9d865ff74d0906b2248a41a1457cb54c1afbe5947df58b@%3Cissues.jmeter.apache.org%3E
Related
cve
cve
CVE-2018-1287
2018-02-14 14:29:00
nvd
nvd
CVE-2018-1287
2018-02-14 14:29:00
prion
prion
Design/Logic Flaw
2018-02-14 14:29:00
debiancve
debiancve
CVE-2018-1287
2018-02-14 14:29:00
osv
osv
Missing certificate validation in Apache JMeter
2022-05-13 01:49:40
CVE-2018-1287
2018-02-14 14:29:00
nessus
nessus
Apache JMeter < 4.0 Insecure RMI Registry Binding
2018-02-24 00:00:00
github
github
Missing certificate validation in Apache JMeter
2022-05-13 01:49:40
ubuntucve
ubuntucve
CVE-2018-1287
2018-02-14 00:00:00
cvelist
cvelist
CVE-2018-1287
2018-02-11 00:00:00
