CVE-2011-3558medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.
References
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://secunia.com/advisories/48308
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.securityfocus.com/bid/50242
http://www.securitytracker.com/id?1026215
http://www.ubuntu.com/usn/USN-1263-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/70835
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13475
Details
Source: MITRE
Published: 2011-10-19
Updated: 2018-01-06
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:*:update_27:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_27:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89106 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check) | Nessus | Misc. | critical |
| 76303 | GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) | Nessus | Gentoo Local Security Checks | critical |
| 75874 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 75870 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 75543 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 75539 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 69569 | Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2011-10) (BEAST) | Nessus | Amazon Linux Local Security Checks | critical |
| 68373 | Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-1380) (BEAST) | Nessus | Oracle Linux Local Security Checks | critical |
| 64846 | Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) (Unix) | Nessus | Misc. | critical |
| 61158 | Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST) | Nessus | Scientific Linux Local Security Checks | critical |
| 61156 | Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (BEAST) | Nessus | Scientific Linux Local Security Checks | critical |
| 59684 | HP Systems Insight Manager < 7.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 58302 | VMSA-2012-0003 : VMware VirtualCenter Update and ESX 3.5 patch update JRE | Nessus | VMware ESX Local Security Checks | critical |
| 57685 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : openjdk-6, openjdk-6b18 regression (USN-1263-2) (BEAST) | Nessus | Ubuntu Local Security Checks | critical |
| 56860 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities (USN-1263-1) (BEAST) | Nessus | Ubuntu Local Security Checks | critical |
| 56809 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:170) | Nessus | Mandriva Local Security Checks | critical |
| 56749 | Mac OS X : Java for Mac OS X 10.7 Update 1 (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 56748 | Mac OS X : Java for Mac OS X 10.6 Update 6 (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 56724 | GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 56719 | Fedora 16 : java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 (2011-15020) (BEAST) | Nessus | Fedora Local Security Checks | critical |
| 56566 | Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) | Nessus | Windows | critical |
| 56560 | RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:1384) (BEAST) | Nessus | Red Hat Local Security Checks | critical |
| 56558 | CentOS 5 : java-1.6.0-openjdk (CESA-2011:1380) (BEAST) | Nessus | CentOS Local Security Checks | critical |
| 56553 | RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2011:1380) (BEAST) | Nessus | Red Hat Local Security Checks | critical |