cpe:/a:apache:jmeter:2.1 cpe:/a:apache:jmeter:2.2 cpe:/a:apache:jmeter:2.3 cpe:/a:apache:jmeter:2.3.1 cpe:/a:apache:jmeter:2.3.2 cpe:/a:apache:jmeter:2.3.3 cpe:/a:apache:jmeter:2.3.3:rc1 cpe:/a:apache:jmeter:2.3.3:rc2 cpe:/a:apache:jmeter:2.3.4 cpe:/a:apache:jmeter:2.3.4:rc1 cpe:/a:apache:jmeter:2.3.4:rc2 cpe:/a:apache:jmeter:2.3.4:rc3 cpe:/a:apache:jmeter:2.4 cpe:/a:apache:jmeter:2.5 cpe:/a:apache:jmeter:2.5:rc1 cpe:/a:apache:jmeter:2.5:rc2 cpe:/a:apache:jmeter:2.5:rc3 cpe:/a:apache:jmeter:2.5.1 cpe:/a:apache:jmeter:2.5.1:rc1 cpe:/a:apache:jmeter:2.5.1:rc2 cpe:/a:apache:jmeter:2.5.1:rc3 cpe:/a:apache:jmeter:2.6 cpe:/a:apache:jmeter:2.6:rc1 cpe:/a:apache:jmeter:2.6:rc2 cpe:/a:apache:jmeter:2.7 cpe:/a:apache:jmeter:2.7:rc1 cpe:/a:apache:jmeter:2.7:rc2 cpe:/a:apache:jmeter:2.7:rc3 cpe:/a:apache:jmeter:2.8 cpe:/a:apache:jmeter:2.8:rc1 cpe:/a:apache:jmeter:2.8:rc2 cpe:/a:apache:jmeter:2.9 cpe:/a:apache:jmeter:2.9:rc1 cpe:/a:apache:jmeter:2.9:rc2 cpe:/a:apache:jmeter:2.9:rc3 cpe:/a:apache:jmeter:2.10:rc1 cpe:/a:apache:jmeter:2.10:rc2 cpe:/a:apache:jmeter:2.11 cpe:/a:apache:jmeter:2.11:rc1 cpe:/a:apache:jmeter:2.11:rc2 cpe:/a:apache:jmeter:2.12 cpe:/a:apache:jmeter:2.12:rc1 cpe:/a:apache:jmeter:2.12:rc2 cpe:/a:apache:jmeter:2.13 cpe:/a:apache:jmeter:2.13:rc1 cpe:/a:apache:jmeter:2.13:rc2 cpe:/a:apache:jmeter:3.0 cpe:/a:apache:jmeter:3.0:rc1 cpe:/a:apache:jmeter:3.0:rc2 cpe:/a:apache:jmeter:3.0:rc3 cpe:/a:apache:jmeter:3.0:rc4 cpe:/a:apache:jmeter:3.0:rc5 cpe:/a:apache:jmeter:3.1 cpe:/a:apache:jmeter:3.1:rc1 cpe:/a:apache:jmeter:3.1:rc2 cpe:/a:apache:jmeter:3.1:rc3 cpe:/a:apache:jmeter:3.1:rc4 cpe:/a:apache:jmeter:3.2 cpe:/a:apache:jmeter:3.2:rc1 cpe:/a:apache:jmeter:3.2:rc2 cpe:/a:apache:jmeter:3.2:rc3 cpe:/a:apache:jmeter:3.3 cpe:/a:apache:jmeter:3.3:rc1 CVE-2018-1287 2018-02-14T09:29:00.210-05:00 2019-10-02T20:03:26.223-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov BID 103068 MLIST [jmeter-issues] 20190609 [Bug 62039] [CVE-2018-1287 & CVE-2018-1297] Distributed testing : Secure RMI connection by SSL and certificate and bind to host defined "java.rmi.server.hostname" system property MLIST [www-announce] 20180211 CVE-2018-1287: Apache JMeter binds RMI server to wildcard in distributed mode (based on RMI) In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.