CVE-2011-0864

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.

References

http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html

http://marc.info/?l=bugtraq&m=132439520301822&w=2

http://marc.info/?l=bugtraq&m=133728004526190&w=2

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=134254957702612&w=2

http://secunia.com/advisories/44818

http://secunia.com/advisories/44930

http://secunia.com/advisories/49198

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://support.avaya.com/css/P8/documents/100144512

http://www.debian.org/security/2011/dsa-2311

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html

http://www.ibm.com/developerworks/java/jdk/alerts/

http://www.mandriva.com/security/advisories?name=MDVSA-2011:126

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

http://www.redhat.com/support/errata/RHSA-2011-0856.html

http://www.redhat.com/support/errata/RHSA-2011-0857.html

http://www.redhat.com/support/errata/RHSA-2011-0860.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14225

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14632

Details

Source: MITRE

Published: 2011-06-14

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jdk:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_20:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_21:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_22:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_23:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_24:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_25:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_26:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_27:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_28:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_29:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_30:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:*:*:*:*:*:*:* versions up to 1.4.2_31 (inclusive)

cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_30:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:* versions up to 1.4.2_31 (inclusive)

Configuration 2

OR

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_25:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_25:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update28:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update29:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update29:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Tenable Plugins

View all (32 total)

IDNameProductFamilySeverity
89681VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)NessusMisc.
critical
76303GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)NessusGentoo Local Security Checks
critical
75873openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1)NessusSuSE Local Security Checks
critical
75863openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1)NessusSuSE Local Security Checks
critical
75542openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1)NessusSuSE Local Security Checks
critical
75527openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1)NessusSuSE Local Security Checks
critical
69874Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)NessusMisc.
critical
68287Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2011-0857)NessusOracle Linux Local Security Checks
critical
68286Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2011-0856)NessusOracle Linux Local Security Checks
critical
64845Oracle Java SE Multiple Vulnerabilities (June 2011 CPU) (Unix)NessusMisc.
critical
61071Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
61065Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
critical
61064Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
59684HP Systems Insight Manager < 7.0 Multiple VulnerabilitiesNessusWindows
critical
57499Debian DSA-2358-1 : openjdk-6 - several vulnerabilities (BEAST)NessusDebian Local Security Checks
critical
57211SuSE 10 Security Update : Sun/Oracle Java (ZYPP Patch Number 7569)NessusSuSE Local Security Checks
critical
56724GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
56665VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESXNessusVMware ESX Local Security Checks
critical
56307Debian DSA-2311-1 : openjdk-6 - several vulnerabilitiesNessusDebian Local Security Checks
critical
55853Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:126)NessusMandriva Local Security Checks
critical
55459Mac OS X : Java for Mac OS X 10.6 Update 5NessusMacOS X Local Security Checks
critical
55458Mac OS X : Java for Mac OS X 10.5 Update 10NessusMacOS X Local Security Checks
critical
55172Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1154-1)NessusUbuntu Local Security Checks
critical
55156Fedora 15 : java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15 (2011-8028)NessusFedora Local Security Checks
critical
55155Fedora 13 : java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13 (2011-8020)NessusFedora Local Security Checks
critical
55137SuSE 11.1 Security Update : Sun/Oracle Java (SAT Patch Number 4698)NessusSuSE Local Security Checks
critical
55110CentOS 5 : java-1.6.0-openjdk (CESA-2011:0857)NessusCentOS Local Security Checks
critical
55062Fedora 14 : java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14 (2011-8003)NessusFedora Local Security Checks
critical
55014RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0860)NessusRed Hat Local Security Checks
critical
55011RHEL 5 : java-1.6.0-openjdk (RHSA-2011:0857)NessusRed Hat Local Security Checks
critical
55010RHEL 6 : java-1.6.0-openjdk (RHSA-2011:0856)NessusRed Hat Local Security Checks
critical
54997Oracle Java SE Multiple Vulnerabilities (June 2011 CPU)NessusWindows
critical