Apache Software Foundation Apache Jmeter vulnerabilities
3 known vulnerabilities affecting apache_software_foundation/apache_jmeter.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3
Vulnerabilities
CVE-2019-0187 | CRITICAL | CVSS 9.8 | CWE-327 | Apache JMeter 4.0 to 5.0 | 2019-03-06
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affects tests running in Distributed mode. Note that versions before 4.0 are not able to
Sources: cvelistv5, nvd
CVE-2018-1287 | CRITICAL | CVSS 9.8 | 2.x, 3.x | 2018-02-14
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), the jmeter server binds the RMI Registry to the wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code.
Sources: cvelistv5, nvd
CVE-2018-1297 | CRITICAL | CVSS 9.8 | CWE-319 | 2.x, 3.x | 2018-02-13
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code.
Sources: cvelistv5, nvd