Vulnerability Name: CVE-2011-0311 (CCN-65189)

Assigned: 2011-01-20
Published: 2011-01-20
Updated: 2017-08-17
Summary: The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.
CVSS v3 Severity: 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P)
2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
3.5 Low (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P)
2.6 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2011-0311

Source: SUSE
Type: UNKNOWN
SUSE-SA:2011:024

Source: SUSE
Type: UNKNOWN
SUSE-SU-2011:0823

Source: CCN
Type: RHSA-2011-0490
Critical: java-1.4.2-ibm security update

Source: CCN
Type: RHSA-2011-1159
Critical: java-1.4.2-ibm security update

Source: CCN
Type: RHSA-2011-1265
Moderate: java-1.4.2-ibm-sap security update

Source: AIXAPAR
Type: UNKNOWN
IZ89602

Source: CCN
Type: IBM APAR IZ89602
IZ89602: JVM CRASHES WHILE LOADING INVALID CLASS FILE

Source: AIXAPAR
Type: UNKNOWN
IZ89620

Source: CCN
Type: IBM APAR IZ89620
IZ89620: JVM CRASHES WHILE LOADING INVALID CLASS FILE

Source: CCN
Type: OSVDB ID: 75244
IBM Java JVM Segmentation Fault Attribute Length Field Parsing Remote DoS

Source: CCN
Type: OSVDB ID: 75247
IBM Java Class File Parser Attribute Length Field Parsing Remote DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1159

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1265

Source: XF
Type: UNKNOWN
ibm-rjt-classfile-dos(65189)

Source: AIXAPAR
Type: UNKNOWN
PM42551

Source: CCN
Type: IBM APAR PM42551
JVM HANGS OR THROWS NATIVE OUT OF MEMORY WHILE LOADING INVALID CLASS FILE

Source: CCN
Type: IBM Security Bulletin 6858015 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

Source: SUSE
Type: SUSE-SA:2011:024
IBM Java 1.4.2 security problems

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:ibm:java:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2.13.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2.13.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2.13.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2.13.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2.13.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2.13.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2.13.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:*:*:*:*:*:*:*:* (Version <= 1.4.2.13.8)
  • OR cpe:/a:ibm:runtimes_for_java_technology:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:5.0.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:5.0.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:5.0.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:5.0.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:5.0.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:5.0.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:5.0.12.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:*:*:*:*:*:*:*:* (Version <= 5.0.12.4)
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:6.0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:runtimes_for_java_technology:*:*:*:*:*:*:*:* (Version <= 6.0.9.0)

Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ibm:sdk:5.0:*:*:*:java:*:*:*
  • OR cpe:/a:ibm:java:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sdk:6.0:*:*:*:java:*:*:*
  AND
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:*:*:*:*:*:*:*
  • OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20110311 | V | CVE-2011-0311 | 2022-05-20
oval:org.mitre.oval:def:23312 | P | ELSA-2011:1159: java-1.4.2-ibm security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:22149 | P | RHSA-2011:1159: java-1.4.2-ibm security update (Critical) | 2014-02-24
oval:com.redhat.rhsa:def:20111159 | P | RHSA-2011:1159: java-1.4.2-ibm security update (Critical) | 2011-08-15