CVE-2018-1287: Improper Access Control

February 14, 2018 (updated October 3, 2019)

When using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

References

www.securityfocus.com/bid/103068
nvd.nist.gov/vuln/detail/CVE-2018-1287

Code Behaviors & Features

Detect and mitigate CVE-2018-1287 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →