CVE-2011-3555 - Remote Java Runtime Environment vulnerability in SUN JDK and JRE

CVSS 6.1 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: COMPLETE

Summary

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.

Vulnerable Configurations

Part: Application
Description: Sun
Count: 2

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_4_JAVA-1_6_0-SUN-111024.NASL
    description: Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html for more details.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75874
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/75874
    title: openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST)
  • NASL family: Misc.
    NASL id: ORACLE_JAVA_CPU_OCT_2011_UNIX.NASL
    description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 1 / 6 Update 29 / 5.0 Update 32 / 1.4.2_34. As such, it is potentially affected by security issues in the following components : - 2D - AWT - Deployment - Deserialization - Hotspot - Java Runtime Environment - JAXWS - JSSE - Networking - RMI - Scripting - Sound - Swing
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 64846
    published: 2013-02-22
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64846
    title: Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST) (Unix)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201111-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201111-02 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56724
    published: 2011-11-07
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56724
    title: GLSA-201111-02 : Oracle JRE/JDK: Multiple vulnerabilities (BEAST)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_3_JAVA-1_6_0-SUN-111024.NASL
    description: Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html for more details.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75543
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/75543
    title: openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_3_JAVA-1_6_0-OPENJDK-111025.NASL
    description: Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html for more details.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75539
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/75539
    title: openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2011-1384.NASL
    description: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56560
    published: 2011-10-20
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56560
    title: RHEL 4 / 5 / 6 : java-1.6.0-sun (RHSA-2011:1384) (BEAST)
  • NASL family: Misc.
    NASL id: VMWARE_VMSA-2012-0005_REMOTE.NASL
    description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Tomcat - bzip2 library - JRE - WDDM display driver - XPDM display driver
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 89106
    published: 2016-03-03
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/89106
    title: VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_4_JAVA-1_6_0-OPENJDK-111025.NASL
    description: Oracle/Sun OpenJDK 1.6.0 was updated to the 1.10.4 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html for more details.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75870
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/75870
    title: openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-5329) (BEAST)
  • NASL family: Windows
    NASL id: ORACLE_JAVA_CPU_OCT_2011.NASL
    description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 1 / 6 Update 29 / 5.0 Update 32 / 1.4.2_34 and is potentially affected by security issues in the following components : - 2D - AWT - Deployment - Deserialization - Hotspot - Java Runtime Environment - JAXWS - JSSE - Networking - RMI - Scripting - Sound - Swing
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 56566
    published: 2011-10-20
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/56566
    title: Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST)
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2012-0003.NASL
    description: a. VirtualCenter and ESX, Oracle (Sun) JRE update 1.5.0_32 Oracle (Sun) JRE is updated to version 1.5.0_32, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_32 in the Oracle Java SE Critical Patch Update Advisory of October 2011.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58302
    published: 2012-03-09
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/58302
    title: VMSA-2012-0003 : VMware VirtualCenter Update and ESX 3.5 patch update JRE
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20111019_JAVA_1_6_0_SUN_ON_SL5_X.NASL
    description: The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 29 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61158
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61158
    title: Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (BEAST)

Oval

accepted: 2014-08-18T04:01:02.647-04:00
class: vulnerability
contributors:
  • name: Scott Quint
    organization: DTCC
  • name: Dragos Prisaca
    organization: G2, Inc.
  • name: Maria Mikhno
    organization: ALTX-SOFT
definition_extensions:
  • comment: Java SE Development Kit 7 is installed
    oval: oval:org.mitre.oval:def:16278
  • comment: Java SE Runtime Environment 7 is installed
    oval: oval:org.mitre.oval:def:16050
description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.
family: windows
id: oval:org.mitre.oval:def:14400
status: accepted
submitted: 2011-11-25T18:05:07.000-05:00
title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.
version: 8

Redhat

advisories:
  rhsa:
    id: RHSA-2011:1384