Vulnerability Name: CVE-2011-0817 (CCN-67918) Assigned: 2011-06-07 Published: 2011-06-07 Updated: 2017-12-22 Summary: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Gain Access References: Source: MITRECVE-2011-0817 HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, and Other Vulnerabilities openSUSE-SU-2011:0633 SUSE-SA:2011:030 SUSE-SU-2011:0807 SSRT100591 HPSBMU02799 SSRT100867 Sun Java JDK / JRE / SDK Multiple Vulnerabilities 44930 http://www.ibm.com/developerworks/java/jdk/alerts/ Oracle Java SE Critical Patch Update Advisory - June 2011 http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html Oracle Java SE / JRE JP2IEXP.dll Plugin Corrupted Window Procedure Hook Remote Code Execution Oracle Java SE and Java for Business CVE-2011-0817 Remote Code Execution Vulnerability runtime-jp2iexp-code-execution(67918) oval:org.mitre.oval:def:14359 oval:org.mitre.oval:def:14462 Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_17:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_18:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_19:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_20:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_21:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_22:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_23:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_24:*:*:*:*:*:* OR cpe:/a:sun:jdk:*:update_25:*:*:*:*:*:* (Version <= 1.6.0) OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:* OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_17:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_18:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_19:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_20:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_21:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_22:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_23:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_24:*:*:*:*:*:* OR cpe:/a:sun:jre:*:update_25:*:*:*:*:*:* (Version <= 1.6.0) OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:* OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:* AND cpe:/o:microsoft:windows:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:hp:systems_insight_manager:4.2:sp1:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:4.2:sp2:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:5.0:sp1:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:5.0:sp2:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:5.0:sp3:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:5.0:sp5:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:4.0:*:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:5.0:*:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:5.3:*:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:5.3:update_1:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:6.0:*:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:6.1:*:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:6.2:*:*:*:*:*:*:* OR cpe:/a:hp:systems_insight_manager:6.3:*:*:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.opensuse.security:def:20110817 V CVE-2011-0817 2022-05-20 oval:org.mitre.oval:def:14359 V HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2015-04-20 oval:org.mitre.oval:def:14462 V Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. 2014-08-18
BACK
sun jdk 1.6.0
sun jdk 1.6.0 update1
sun jdk 1.6.0 update2
sun jdk 1.6.0 update_10
sun jdk 1.6.0 update_11
sun jdk 1.6.0 update_12
sun jdk 1.6.0 update_13
sun jdk 1.6.0 update_14
sun jdk 1.6.0 update_15
sun jdk 1.6.0 update_16
sun jdk 1.6.0 update_17
sun jdk 1.6.0 update_18
sun jdk 1.6.0 update_19
sun jdk 1.6.0 update_20
sun jdk 1.6.0 update_21
sun jdk 1.6.0 update_22
sun jdk 1.6.0 update_23
sun jdk 1.6.0 update_24
sun jdk * update_25
sun jdk 1.6.0 update_3
sun jdk 1.6.0 update_4
sun jdk 1.6.0 update_5
sun jdk 1.6.0 update_6
sun jdk 1.6.0 update_7
sun jre 1.6.0
sun jre 1.6.0 update_1
sun jre 1.6.0 update_10
sun jre 1.6.0 update_11
sun jre 1.6.0 update_12
sun jre 1.6.0 update_13
sun jre 1.6.0 update_14
sun jre 1.6.0 update_15
sun jre 1.6.0 update_16
sun jre 1.6.0 update_17
sun jre 1.6.0 update_18
sun jre 1.6.0 update_19
sun jre 1.6.0 update_2
sun jre 1.6.0 update_20
sun jre 1.6.0 update_21
sun jre 1.6.0 update_22
sun jre 1.6.0 update_23
sun jre 1.6.0 update_24
sun jre * update_25
sun jre 1.6.0 update_3
sun jre 1.6.0 update_4
sun jre 1.6.0 update_5
sun jre 1.6.0 update_6
sun jre 1.6.0 update_7
microsoft windows *
hp systems insight manager 4.2 sp1
hp systems insight manager 4.2 sp2
hp systems insight manager 5.0 sp1
hp systems insight manager 5.0 sp2
hp systems insight manager 5.0 sp3
hp systems insight manager 5.0 sp5
hp systems insight manager 4.0
hp systems insight manager 5.0
hp systems insight manager 5.3
hp systems insight manager 5.3 update_1
hp systems insight manager 6.0
hp systems insight manager 6.1
hp systems insight manager 6.2
hp systems insight manager 6.3
Denotes that component is vulnerable