Host Spoofing Affecting org.apache.jmeter:apachejmeter Open this link in a new tab package, versions [2.0,4.0)

Attack Complexity

Low
Confidentiality

High
Integrity

High
Availability

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-ORGAPACHEJMETER-32094
published

15 Feb 2018
disclosed

11 Feb 2018
credit

Brenden Meeder

Report a new vulnerability Found a mistake?

Introduced: 11 Feb 2018

CVE-2018-1287 Open this link in a new tab CWE-297 Open this link in a new tab

How to fix?

Upgrade org.apache.jmeter:ApacheJMeter to version 4.0 or higher.

Overview

org.apache.jmeter:ApacheJMeter is an open Source application designed to load test applications and measure performance.

Affected versions of this package are vulnerable to Host Spoofing. When using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

Host Spoofing Affecting org.apache.jmeter:apachejmeter Open this link in a new tab package, versions [2.0,4.0)

Attack Complexity

Confidentiality

Integrity

Availability

snyk-id

published

disclosed

credit

Introduced: 11 Feb 2018

How to fix?

Overview

References