CVE-2011-0866

HIGH

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.

References

http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html

http://marc.info/?l=bugtraq&m=132439520301822&w=2

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://marc.info/?l=bugtraq&m=134254957702612&w=2

http://secunia.com/advisories/44930

http://www.ibm.com/developerworks/java/jdk/alerts/

http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

http://www.us-cert.gov/cas/techalerts/TA11-201A.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14011

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14545

Details

Source: MITRE

Published: 2011-06-14

Updated: 2018-10-30

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jdk:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_20:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_21:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_22:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_23:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_24:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_25:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_26:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_27:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_28:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_29:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.4.2_30:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:*:*:*:*:*:*:* versions up to 1.4.2_31 (inclusive)

cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_30:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:* versions up to 1.4.2_31 (inclusive)

Configuration 2

OR

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_25:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_25:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update28:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update29:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update29:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
75873openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1)NessusSuSE Local Security Checks
critical
75542openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1)NessusSuSE Local Security Checks
critical
69874Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)NessusMisc.
critical
64845Oracle Java SE Multiple Vulnerabilities (June 2011 CPU) (Unix)NessusMisc.
critical
59684HP Systems Insight Manager < 7.0 Multiple VulnerabilitiesNessusWindows
critical
57211SuSE 10 Security Update : Sun/Oracle Java (ZYPP Patch Number 7569)NessusSuSE Local Security Checks
critical
57210SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7627)NessusSuSE Local Security Checks
critical
57207SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7650)NessusSuSE Local Security Checks
critical
57205SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7698)NessusSuSE Local Security Checks
critical
56006SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7697)NessusSuSE Local Security Checks
critical
56004SuSE 11.1 Security Update : IBM Java (SAT Patch Number 5014)NessusSuSE Local Security Checks
critical
56002SuSE9 Security Update : IBM Java JRE and SDK (YOU Patch Number 12819)NessusSuSE Local Security Checks
critical
55768SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12810)NessusSuSE Local Security Checks
critical
55757SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7649)NessusSuSE Local Security Checks
critical
55622SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7626)NessusSuSE Local Security Checks
critical
55619SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4875)NessusSuSE Local Security Checks
critical
55137SuSE 11.1 Security Update : Sun/Oracle Java (SAT Patch Number 4698)NessusSuSE Local Security Checks
critical
54997Oracle Java SE Multiple Vulnerabilities (June 2011 CPU)NessusWindows
critical