In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.
2018-02-14T14:29:00.210
2024-11-21T03:59:33.020
Modified
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | jmeter | 2.1 | Yes |
| Application | apache | jmeter | 2.2 | Yes |
| Application | apache | jmeter | 2.3 | Yes |
| Application | apache | jmeter | 2.3.1 | Yes |
| Application | apache | jmeter | 2.3.2 | Yes |
| Application | apache | jmeter | 2.3.3 | Yes |
| Application | apache | jmeter | 2.3.3 | Yes |
| Application | apache | jmeter | 2.3.3 | Yes |
| Application | apache | jmeter | 2.3.4 | Yes |
| Application | apache | jmeter | 2.3.4 | Yes |
| Application | apache | jmeter | 2.3.4 | Yes |
| Application | apache | jmeter | 2.3.4 | Yes |
| Application | apache | jmeter | 2.4 | Yes |
| Application | apache | jmeter | 2.5 | Yes |
| Application | apache | jmeter | 2.5 | Yes |
| Application | apache | jmeter | 2.5 | Yes |
| Application | apache | jmeter | 2.5 | Yes |
| Application | apache | jmeter | 2.5.1 | Yes |
| Application | apache | jmeter | 2.5.1 | Yes |
| Application | apache | jmeter | 2.5.1 | Yes |
| Application | apache | jmeter | 2.5.1 | Yes |
| Application | apache | jmeter | 2.6 | Yes |
| Application | apache | jmeter | 2.6 | Yes |
| Application | apache | jmeter | 2.6 | Yes |
| Application | apache | jmeter | 2.7 | Yes |
| Application | apache | jmeter | 2.7 | Yes |
| Application | apache | jmeter | 2.7 | Yes |
| Application | apache | jmeter | 2.7 | Yes |
| Application | apache | jmeter | 2.8 | Yes |
| Application | apache | jmeter | 2.8 | Yes |
| Application | apache | jmeter | 2.8 | Yes |
| Application | apache | jmeter | 2.9 | Yes |
| Application | apache | jmeter | 2.9 | Yes |
| Application | apache | jmeter | 2.9 | Yes |
| Application | apache | jmeter | 2.9 | Yes |
| Application | apache | jmeter | 2.10 | Yes |
| Application | apache | jmeter | 2.10 | Yes |
| Application | apache | jmeter | 2.11 | Yes |
| Application | apache | jmeter | 2.11 | Yes |
| Application | apache | jmeter | 2.11 | Yes |
| Application | apache | jmeter | 2.12 | Yes |
| Application | apache | jmeter | 2.12 | Yes |
| Application | apache | jmeter | 2.12 | Yes |
| Application | apache | jmeter | 2.13 | Yes |
| Application | apache | jmeter | 2.13 | Yes |
| Application | apache | jmeter | 2.13 | Yes |
| Application | apache | jmeter | 3.0 | Yes |
| Application | apache | jmeter | 3.0 | Yes |
| Application | apache | jmeter | 3.0 | Yes |
| Application | apache | jmeter | 3.0 | Yes |
| Application | apache | jmeter | 3.0 | Yes |
| Application | apache | jmeter | 3.0 | Yes |
| Application | apache | jmeter | 3.1 | Yes |
| Application | apache | jmeter | 3.1 | Yes |
| Application | apache | jmeter | 3.1 | Yes |
| Application | apache | jmeter | 3.1 | Yes |
| Application | apache | jmeter | 3.1 | Yes |
| Application | apache | jmeter | 3.2 | Yes |
| Application | apache | jmeter | 3.2 | Yes |
| Application | apache | jmeter | 3.2 | Yes |
| Application | apache | jmeter | 3.2 | Yes |
| Application | apache | jmeter | 3.3 | Yes |
| Application | apache | jmeter | 3.3 | Yes |