CVE-2011-3544 - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7

CVE-2011-3544

Summary

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

References

Vulnerable Configurations

cpe:2.3:a:sun:jdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update_27:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update_27:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_27:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_27:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 06-01-2018 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2014-08-18T04:00:48.697-04:00

class

vulnerability

contributors

name Aharon Chernin
organization DTCC
name Dragos Prisaca
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Java SE Runtime Environment 6 is installed
oval oval:org.mitre.oval:def:16362
comment Java SE Runtime Environment 7 is installed
oval oval:org.mitre.oval:def:16050
comment Java SE Development Kit 6 is installed
oval oval:org.mitre.oval:def:15831
comment Java SE Development Kit 7 is installed
oval oval:org.mitre.oval:def:16278

description

family

windows

oval:org.mitre.oval:def:13947

status

accepted

submitted

2011-11-25T18:04:51.000-05:00

title

version

redhat via4

advisories

rhsa
id RHSA-2011:1384
rhsa
id RHSA-2013:1455

rpms

java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7
java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1
java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.23.1.9.10.el5_7
java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.40.1.9.10.el6_1
java-1.6.0-openjdk-demo-1:1.6.0.0-1.23.1.9.10.el5_7
java-1.6.0-openjdk-demo-1:1.6.0.0-1.40.1.9.10.el6_1
java-1.6.0-openjdk-devel-1:1.6.0.0-1.23.1.9.10.el5_7
java-1.6.0-openjdk-devel-1:1.6.0.0-1.40.1.9.10.el6_1
java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.23.1.9.10.el5_7
java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.40.1.9.10.el6_1
java-1.6.0-openjdk-src-1:1.6.0.0-1.23.1.9.10.el5_7
java-1.6.0-openjdk-src-1:1.6.0.0-1.40.1.9.10.el6_1
java-1.6.0-sun-1:1.6.0.29-1jpp.1.el4
java-1.6.0-sun-1:1.6.0.29-1jpp.1.el5
java-1.6.0-sun-1:1.6.0.29-1jpp.1.el6
java-1.6.0-sun-demo-1:1.6.0.29-1jpp.1.el4
java-1.6.0-sun-demo-1:1.6.0.29-1jpp.1.el5
java-1.6.0-sun-demo-1:1.6.0.29-1jpp.1.el6
java-1.6.0-sun-devel-1:1.6.0.29-1jpp.1.el4
java-1.6.0-sun-devel-1:1.6.0.29-1jpp.1.el5
java-1.6.0-sun-devel-1:1.6.0.29-1jpp.1.el6
java-1.6.0-sun-jdbc-1:1.6.0.29-1jpp.1.el4
java-1.6.0-sun-jdbc-1:1.6.0.29-1jpp.1.el5
java-1.6.0-sun-jdbc-1:1.6.0.29-1jpp.1.el6
java-1.6.0-sun-plugin-1:1.6.0.29-1jpp.1.el4
java-1.6.0-sun-plugin-1:1.6.0.29-1jpp.1.el5
java-1.6.0-sun-plugin-1:1.6.0.29-1jpp.1.el6
java-1.6.0-sun-src-1:1.6.0.29-1jpp.1.el4
java-1.6.0-sun-src-1:1.6.0.29-1jpp.1.el5
java-1.6.0-sun-src-1:1.6.0.29-1jpp.1.el6
java-1.6.0-ibm-1:1.6.0.10.0-1jpp.2.el4
java-1.6.0-ibm-1:1.6.0.10.0-1jpp.2.el5
java-1.6.0-ibm-1:1.6.0.10.0-1jpp.2.el6
java-1.6.0-ibm-accessibility-1:1.6.0.10.0-1jpp.2.el5
java-1.6.0-ibm-demo-1:1.6.0.10.0-1jpp.2.el4
java-1.6.0-ibm-demo-1:1.6.0.10.0-1jpp.2.el5
java-1.6.0-ibm-demo-1:1.6.0.10.0-1jpp.2.el6
java-1.6.0-ibm-devel-1:1.6.0.10.0-1jpp.2.el4
java-1.6.0-ibm-devel-1:1.6.0.10.0-1jpp.2.el5
java-1.6.0-ibm-devel-1:1.6.0.10.0-1jpp.2.el6
java-1.6.0-ibm-javacomm-1:1.6.0.10.0-1jpp.2.el4
java-1.6.0-ibm-javacomm-1:1.6.0.10.0-1jpp.2.el5
java-1.6.0-ibm-javacomm-1:1.6.0.10.0-1jpp.2.el6
java-1.6.0-ibm-jdbc-1:1.6.0.10.0-1jpp.2.el4
java-1.6.0-ibm-jdbc-1:1.6.0.10.0-1jpp.2.el5
java-1.6.0-ibm-jdbc-1:1.6.0.10.0-1jpp.2.el6
java-1.6.0-ibm-plugin-1:1.6.0.10.0-1jpp.2.el4
java-1.6.0-ibm-plugin-1:1.6.0.10.0-1jpp.2.el5
java-1.6.0-ibm-plugin-1:1.6.0.10.0-1jpp.2.el6
java-1.6.0-ibm-src-1:1.6.0.10.0-1jpp.2.el4
java-1.6.0-ibm-src-1:1.6.0.10.0-1jpp.2.el5
java-1.6.0-ibm-src-1:1.6.0.10.0-1jpp.2.el6
java-1.7.0-ibm-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-demo-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-devel-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-jdbc-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-plugin-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-src-1:1.7.0.3.0-1jpp.2.el6_3
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4
java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9
java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4

refmap via4

bid	50218
confirm	http://www.ibm.com/developerworks/java/jdk/alerts/ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
gentoo	GLSA-201406-32
hp	HPSBMU02797 HPSBMU02799 HPSBUX02730 SSRT100710 SSRT100867
sectrack	1026215
secunia	48308
suse	SUSE-SU-2012:0114
ubuntu	USN-1263-1
xf	oracle-jre-scripting-unspecified(70849)

saint via4

bid	50218
description	Oracle Java Rhino Script Engine Code Execution
id	web_client_jre
osvdb	76500
title	oracle_java_rhino_script_exec
type	client

Last major update

06-01-2018 - 02:29

Published

19-10-2011 - 21:55

Last modified

06-01-2018 - 02:29