Vulnerabilities > CVE-2011-3546
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 15 | |
| Application | 42 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_4_JAVA-1_6_0-SUN-111024.NASL description Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. last seen 2020-06-01 modified 2020-06-02 plugin id 75874 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75874 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST) NASL family Misc. NASL id ORACLE_JAVA_CPU_OCT_2011_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 1 / 6 Update 29 / 5.0 Update 32 / 1.4.2_34. As such, it is potentially affected by security issues in the following components : - 2D - AWT - Deployment - Deserialization - Hotspot - Java Runtime Environment - JAXWS - JSSE - Networking - RMI - Scripting - Sound - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 64846 published 2013-02-22 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64846 title Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) (Unix) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0034.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM last seen 2020-04-16 modified 2012-01-19 plugin id 57595 published 2012-01-19 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57595 title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0034) (BEAST) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201111-02.NASL description The remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56724 published 2011-11-07 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56724 title GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_3_JAVA-1_6_0-SUN-111024.NASL description Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. last seen 2020-06-01 modified 2020-06-02 plugin id 75543 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75543 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-IBM-7926.NASL description IBM Java 1.6.0 SR10 has been released fixing the following CVE last seen 2020-06-05 modified 2012-01-24 plugin id 57658 published 2012-01-24 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57658 title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7926) (BEAST) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_6_UPDATE6.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 6, which updates the Java version to 1.6.0_29. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox. last seen 2019-10-28 modified 2011-11-09 plugin id 56748 published 2011-11-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56748 title Mac OS X : Java for Mac OS X 10.6 Update 6 (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-120223.NASL description IBM Java 1.6.0 SR10 has been released fixing the following CVE last seen 2020-06-05 modified 2012-02-29 plugin id 58164 published 2012-02-29 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58164 title SuSE 11.1 Security Update : IBM Java 1.6.0 (SAT Patch Number 5872) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0005.NASL description a. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tarjei Mandt for reporting theses issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. Note: CVE-2012-1509 doesn last seen 2020-06-01 modified 2020-06-02 plugin id 58362 published 2012-03-16 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58362 title VMSA-2012-0005 : VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues NASL family SuSE Local Security Checks NASL id SUSE_11_3_JAVA-1_6_0-OPENJDK-111025.NASL description Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. last seen 2020-06-01 modified 2020-06-02 plugin id 75539 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75539 title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1384.NASL description Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 56560 published 2011-10-20 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56560 title RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:1384) (BEAST) NASL family Misc. NASL id VMWARE_VMSA-2012-0005_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Tomcat - bzip2 library - JRE - WDDM display driver - XPDM display driver last seen 2020-06-01 modified 2020-06-02 plugin id 89106 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89106 title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check) NASL family SuSE Local Security Checks NASL id SUSE_11_4_JAVA-1_6_0-OPENJDK-111025.NASL description Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-44343 1.html for more details. last seen 2020-06-01 modified 2020-06-02 plugin id 75870 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75870 title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_7_UPDATE1.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.7 that is missing Update 1, which updates the Java version to 1.6.0_29. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox. last seen 2019-10-28 modified 2011-11-09 plugin id 56749 published 2011-11-09 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56749 title Mac OS X : Java for Mac OS X 10.7 Update 1 (BEAST) NASL family Windows NASL id ORACLE_JAVA_CPU_OCT_2011.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 1 / 6 Update 29 / 5.0 Update 32 / 1.4.2_34 and is potentially affected by security issues in the following components : - 2D - AWT - Deployment - Deserialization - Hotspot - Java Runtime Environment - JAXWS - JSSE - Networking - RMI - Scripting - Sound - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 56566 published 2011-10-20 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56566 title Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0003.NASL description a. VirtualCenter and ESX, Oracle (Sun) JRE update 1.5.0_32 Oracle (Sun) JRE is updated to version 1.5.0_32, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_32 in the Oracle Java SE Critical Patch Update Advisory of October 2011. last seen 2020-06-01 modified 2020-06-02 plugin id 58302 published 2012-03-09 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58302 title VMSA-2012-0003 : VMware VirtualCenter Update and ESX 3.5 patch update JRE NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1455.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 78975 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78975 title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT) NASL family Scientific Linux Local Security Checks NASL id SL_20111019_JAVA_1_6_0_SUN_ON_SL5_X.NASL description The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 61158 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61158 title Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST)
Oval
| accepted | 2014-08-18T04:00:58.693-04:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| definition_extensions |
| ||||||||||||||||
| description | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment. | ||||||||||||||||
| family | windows | ||||||||||||||||
| id | oval:org.mitre.oval:def:14291 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2011-11-25T18:04:54.000-05:00 | ||||||||||||||||
| title | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment. | ||||||||||||||||
| version | 8 |
Redhat
| advisories |
| ||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | CVE ID: CVE-2011-3389,CVE-2011-3516,CVE-2011-3521,CVE-2011-3544,CVE-2011-3545,CVE-2011-3546,CVE-2011-3547,CVE-2011-3548,CVE-2011-3549,CVE-2011-3550,CVE-2011-3551,CVE-2011-3552,CVE-2011-3553,CVE-2011-3554,CVE-2011-3556,CVE-2011-3557,CVE-2011-3560,CVE-2011-3561,CVE-2011-3563,CVE-2011-5035,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0502,CVE-2012-0503,CVE-2012-0505,CVE-2012-0506,CVE-2012-0507,CVE-2012-0732,CVE-2012-2159,CVE-2012-2161 IBM Rational AppScan是应用安全性软件,能够在开发的各个阶段扫描并测试所有常见的Web应用漏洞。 IBM Rational AppScan 8.6之前版本在实现上存在多个漏洞,可被恶意用户利用泄露敏感信息、执行欺骗和XSS攻击、劫持用户会话、对DNS缓存投毒、操作某些数据、造成拒绝服务和控制受影响系统。 0 IBM Rational AppScan 8.x IBM Rational AppScan 7.x 厂商补丁: IBM --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.ers.ibm.com/ |
| id | SSV:60220 |
| last seen | 2017-11-19 |
| modified | 2012-06-16 |
| published | 2012-06-16 |
| reporter | Root |
| title | IBM Rational AppScan 8.x/7.x 多个安全漏洞 |
References
- http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- http://www.redhat.com/support/errata/RHSA-2011-1384.html
- http://www.securityfocus.com/bid/50239
- http://www.ibm.com/developerworks/java/jdk/alerts/
- http://osvdb.org/76509
- http://marc.info/?l=bugtraq&m=132750579901589&w=2
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
- http://www.securitytracker.com/id?1026215
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://marc.info/?l=bugtraq&m=134254957702612&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70847
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14291
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
- http://secunia.com/advisories/48308