Alpine: openjdk6: security update to 1.6.0-r1 (deprecated)

critical Tenable Self-Hosted Container Security Plugin ID 401250

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6
Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and
untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
(CVE-2011-3554)

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25
and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown
vectors related to AWT. (CVE-2011-0815)

- Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server
10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to
affect confidentiality, integrity, and availability via unknown vectors. (CVE-2011-0822)

- Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6
Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to
affect confidentiality, integrity, and availability via unknown vectors related to 2D. (CVE-2011-0862)

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25
and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown
vectors related to HotSpot. (CVE-2011-0864)

See Also

https://git.alpinelinux.org/aports/commit/?id=0389c0810effbe38de6d05d68e3ab6bb08a8aaef

https://git.alpinelinux.org/aports/commit/?id=2962b2178b5ab294ca1b3d61e8e1037253ec85f4

Plugin Details

Severity: Critical

ID: 401250

Version: Revision 1.25

Type: Local

Published: 8/16/2023

Updated: 2/11/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

Percentile: 99.97

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-3554

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2011-3544

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/11/2011

Vulnerability Publication Date: 6/7/2011

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Java RMI Server Insecure Default Configuration Java Code Execution)

Reference Information

CVE: CVE-2011-0815, CVE-2011-0822, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0870, CVE-2011-0871, CVE-2011-0872, CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560

BID: 48137, 48139, 48140, 48141, 48142, 48143, 48144, 48146, 48147, 49778, 50211, 50215, 50216, 50218, 50224, 50231, 50234, 50236, 50242, 50243, 50246, 50248