CVE-2011-0869MEDIUM
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.
References
http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html
http://marc.info/?l=bugtraq&m=132439520301822&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/44818
http://secunia.com/advisories/44930
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.avaya.com/css/P8/documents/100144512
http://www.debian.org/security/2011/dsa-2311
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.mandriva.com/security/advisories?name=MDVSA-2011:126
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
http://www.redhat.com/support/errata/RHSA-2011-0856.html
http://www.redhat.com/support/errata/RHSA-2011-0857.html
http://www.redhat.com/support/errata/RHSA-2011-0860.html
http://www.redhat.com/support/errata/RHSA-2011-0938.html
http://www.us-cert.gov/cas/techalerts/TA11-201A.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14338
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14644
Details
Source: MITRE
Published: 2011-06-14
Updated: 2017-12-22
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update_26:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_26:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 78975 | RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT) | Nessus | Red Hat Local Security Checks | critical |
| 76303 | GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) | Nessus | Gentoo Local Security Checks | critical |
| 75873 | openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1) | Nessus | SuSE Local Security Checks | critical |
| 75863 | openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1) | Nessus | SuSE Local Security Checks | critical |
| 75542 | openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1) | Nessus | SuSE Local Security Checks | critical |
| 75527 | openSUSE Security Update : icedtea-web (openSUSE-SU-2011:0706-1) | Nessus | SuSE Local Security Checks | critical |
| 69874 | Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689) | Nessus | Misc. | critical |
| 68287 | Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2011-0857) | Nessus | Oracle Linux Local Security Checks | critical |
| 68286 | Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2011-0856) | Nessus | Oracle Linux Local Security Checks | critical |
| 64845 | Oracle Java SE Multiple Vulnerabilities (June 2011 CPU) (Unix) | Nessus | Misc. | critical |
| 61071 | Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 61065 | Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 61064 | Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 59684 | HP Systems Insight Manager < 7.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 57499 | Debian DSA-2358-1 : openjdk-6 - several vulnerabilities (BEAST) | Nessus | Debian Local Security Checks | critical |
| 57211 | SuSE 10 Security Update : Sun/Oracle Java (ZYPP Patch Number 7569) | Nessus | SuSE Local Security Checks | critical |
| 57210 | SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7627) | Nessus | SuSE Local Security Checks | critical |
| 56724 | GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 56307 | Debian DSA-2311-1 : openjdk-6 - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 55853 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:126) | Nessus | Mandriva Local Security Checks | critical |
| 55622 | SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7626) | Nessus | SuSE Local Security Checks | critical |
| 55619 | SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4875) | Nessus | SuSE Local Security Checks | critical |
| 55598 | RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2011:0938) | Nessus | Red Hat Local Security Checks | critical |
| 55459 | Mac OS X : Java for Mac OS X 10.6 Update 5 | Nessus | MacOS X Local Security Checks | critical |
| 55458 | Mac OS X : Java for Mac OS X 10.5 Update 10 | Nessus | MacOS X Local Security Checks | critical |
| 55172 | Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1154-1) | Nessus | Ubuntu Local Security Checks | critical |
| 55156 | Fedora 15 : java-1.6.0-openjdk-1.6.0.0-58.1.10.2.fc15 (2011-8028) | Nessus | Fedora Local Security Checks | critical |
| 55155 | Fedora 13 : java-1.6.0-openjdk-1.6.0.0-51.1.8.8.fc13 (2011-8020) | Nessus | Fedora Local Security Checks | critical |
| 55137 | SuSE 11.1 Security Update : Sun/Oracle Java (SAT Patch Number 4698) | Nessus | SuSE Local Security Checks | critical |
| 55110 | CentOS 5 : java-1.6.0-openjdk (CESA-2011:0857) | Nessus | CentOS Local Security Checks | critical |
| 55062 | Fedora 14 : java-1.6.0-openjdk-1.6.0.0-53.1.9.8.fc14 (2011-8003) | Nessus | Fedora Local Security Checks | critical |
| 55014 | RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:0860) | Nessus | Red Hat Local Security Checks | critical |
| 55011 | RHEL 5 : java-1.6.0-openjdk (RHSA-2011:0857) | Nessus | Red Hat Local Security Checks | critical |
| 55010 | RHEL 6 : java-1.6.0-openjdk (RHSA-2011:0856) | Nessus | Red Hat Local Security Checks | critical |
| 54997 | Oracle Java SE Multiple Vulnerabilities (June 2011 CPU) | Nessus | Windows | critical |