CVE-2011-3558MEDIUM
Description
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.
References
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://secunia.com/advisories/48308
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.securityfocus.com/bid/50242
http://www.securitytracker.com/id?1026215
http://www.ubuntu.com/usn/USN-1263-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/70835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13475
Details
Source: MITRE
Published: 2011-10-19
Updated: 2018-01-06
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update_27:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_27:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89106 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check) | Nessus | Misc. | critical |
| 76303 | GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) | Nessus | Gentoo Local Security Checks | critical |
| 75874 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 75870 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 75543 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 75539 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 69569 | Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2011-10) (BEAST) | Nessus | Amazon Linux Local Security Checks | critical |
| 68373 | Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-1380) (BEAST) | Nessus | Oracle Linux Local Security Checks | critical |
| 64846 | Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) (Unix) | Nessus | Misc. | critical |
| 61158 | Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST) | Nessus | Scientific Linux Local Security Checks | critical |
| 61156 | Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (BEAST) | Nessus | Scientific Linux Local Security Checks | critical |
| 59684 | HP Systems Insight Manager < 7.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 58302 | VMSA-2012-0003 : VMware VirtualCenter Update and ESX 3.5 patch update JRE | Nessus | VMware ESX Local Security Checks | critical |
| 57685 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6, openjdk-6b18 regression (USN-1263-2) (BEAST) | Nessus | Ubuntu Local Security Checks | critical |
| 56860 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1263-1) (BEAST) | Nessus | Ubuntu Local Security Checks | critical |
| 56809 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:170) | Nessus | Mandriva Local Security Checks | critical |
| 56749 | Mac OS X : Java for Mac OS X 10.7 Update 1 (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 56748 | Mac OS X : Java for Mac OS X 10.6 Update 6 (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 56724 | GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 56719 | Fedora 16 : java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 (2011-15020) (BEAST) | Nessus | Fedora Local Security Checks | critical |
| 56566 | Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) | Nessus | Windows | critical |
| 56560 | RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:1384) (BEAST) | Nessus | Red Hat Local Security Checks | critical |
| 56558 | CentOS 5 : java-1.6.0-openjdk (CESA-2011:1380) (BEAST) | Nessus | CentOS Local Security Checks | critical |
| 56553 | RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:1380) (BEAST) | Nessus | Red Hat Local Security Checks | critical |