Vulnerability Name:

CVE-2011-3544 (CCN-70849)

Assigned: 2011-10-18
Published: 2011-10-18
Updated: 2018-01-06
Summary: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.6 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2011-3544

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:0114

Source: HP
Type: UNKNOWN
HPSBUX02730

Source: HP
Type: UNKNOWN
HPSBMU02799

Source: HP
Type: UNKNOWN
SSRT100867

Source: CCN
Type: RHSA-2011-1380
Critical: java-1.6.0-openjdk security update

Source: CCN
Type: RHSA-2011-1384
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2012-0034
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2013-1455
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1455

Source: CCN
Type: SA46512
Oracle Java SE Multiple Vulnerabilities

Source: CCN
Type: SA46521
Oracle JRockit Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
48308

Source: CCN
Type: SA53217
IBM Security AppScan Java Multiple Vulnerabilities

Source: CCN
Type: SA53219
IBM Security AppScan Java Multiple Vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-201406-32

Source: DEBIAN
Type: DSA-2356
openjdk-6 -- several vulnerabilities

Source: DEBIAN
Type: DSA-2358
openjdk-6 -- several vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/developerworks/java/jdk/alerts/

Source: CCN
Type: IBM Security Bulletin 1609022
Vulnerabilities in AppScan Standard

Source: CCN
Type: Oracle Java SE Critical Patch Update Advisory - October 2011
Oracle Java SE Critical Patch Update Advisory - October 2011

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Source: CCN
Type: OSVDB ID: 76500
Oracle Java SE / JRE Rhino Javascript Error Parsing Input Sanitation Weakness Remote Code Execution

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1384

Source: BID
Type: UNKNOWN
50218

Source: CCN
Type: BID-50218
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1026215

Source: UBUNTU
Type: UNKNOWN
USN-1263-1

Source: XF
Type: UNKNOWN
oracle-jre-scripting-unspecified(70849)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:13947

Source: CCN
Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
KNOWN EXPLOITED VULNERABILITIES CATALOG

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [11-30-2011]

Source: CCN
Type: ZDI-11-305
Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sun:jdk:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.7.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:*:update_27:*:*:*:*:*:* (Version <= 1.6.0)
  • OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:*:update_27:*:*:*:*:*:* (Version <= 1.6.0)
  • OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:sun:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:6.1.z:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:7.9:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.0:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.5:-:standard:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions
Definition ID | Class (V = vulnerability, P = patch) | Title | Last Modified
oval:org.opensuse.security:def:20113544 | V | CVE-2011-3544 | 2022-05-20
oval:org.opensuse.security:def:33753 | P | Security update for MozillaFirefox (Important) | 2021-12-12
oval:org.opensuse.security:def:33714 | P | Security update for openssl-1_1 (Low) | 2021-09-09
oval:org.opensuse.security:def:32997 | P | Security update for xen (Important) | 2021-09-06
oval:org.opensuse.security:def:29415 | P | Security update for bind (Moderate) | 2021-08-30
oval:org.opensuse.security:def:32986 | P | Security update for unrar (Moderate) | 2021-08-25
oval:org.opensuse.security:def:32985 | P | Security update for openssl (Important) | 2021-08-24
oval:org.opensuse.security:def:34499 | P | Security update for djvulibre (Important) | 2021-08-05
oval:org.opensuse.security:def:34459 | P | Security update for spice (Important) | 2021-06-08
oval:org.opensuse.security:def:33777 | P | Security update for openldap2 (Important) | 2021-03-03
oval:org.opensuse.security:def:33076 | P | Security update for bind (Important) | 2021-02-18
oval:org.opensuse.security:def:33665 | P | Security update for java-1_7_1-ibm (Moderate) | 2021-01-04
oval:org.opensuse.security:def:29772 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:29330 | P | Security update for compat-openssl097g (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30447 | P | Security update for IBM Java 1.6.0 | 2020-12-01
oval:org.opensuse.security:def:29568 | P | Security update for SDL (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33211 | P | nagios-nrpe on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28976 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:33821 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:29671 | P | Security update for dhcpcd | 2020-12-01
oval:org.opensuse.security:def:33363 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:29056 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:29728 | P | Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:33608 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:29273 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:30410 | P | Security update for xorg-x11-libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28975 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:29622 | P | Security update for bsdtar (Important) | 2020-12-01
oval:org.opensuse.security:def:33306 | P | yast2-core on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28987 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:29710 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:33451 | P | Security update for GNOME screensaver | 2020-12-01
oval:org.opensuse.security:def:29187 | P | Security update for mysql (Important) | 2020-12-01
oval:org.mitre.oval:def:19362 | V | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | 2015-04-20
oval:org.mitre.oval:def:13947 | V | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | 2014-08-18
oval:org.mitre.oval:def:15316 | P | USN-1263-1 -- IcedTea-Web, OpenJDK 6 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:15328 | P | USN-1263-2 -- OpenJDK 6 regression | 2014-06-30
oval:org.mitre.oval:def:15374 | P | DSA-2358-1 openjdk-6 -- several | 2014-06-23
oval:org.mitre.oval:def:15281 | P | DSA-2356-1 openjdk-6 -- several | 2014-06-23
oval:org.mitre.oval:def:23893 | P | ELSA-2012:1467: java-1.7.0-ibm security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:23157 | P | ELSA-2012:0034: java-1.6.0-ibm security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:23332 | P | ELSA-2011:1384: java-1.6.0-sun security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:23746 | P | ELSA-2011:1380: java-1.6.0-openjdk security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:22009 | P | RHSA-2011:1384: java-1.6.0-sun security update (Critical) | 2014-02-24
oval:org.mitre.oval:def:20940 | P | RHSA-2012:0034: java-1.6.0-ibm security update (Critical) | 2014-02-24
oval:org.mitre.oval:def:21002 | P | RHSA-2012:1467: java-1.7.0-ibm security update (Critical) | 2014-02-24
oval:org.mitre.oval:def:21558 | P | RHSA-2011:1380: java-1.6.0-openjdk security update (Critical) | 2014-02-24
oval:com.redhat.rhsa:def:20121467 | P | RHSA-2012:1467: java-1.7.0-ibm security update (Critical) | 2012-11-15
oval:com.redhat.rhsa:def:20120034 | P | RHSA-2012:0034: java-1.6.0-ibm security update (Critical) | 2012-01-18
oval:com.ubuntu.precise:def:20113544000 | V | CVE-2011-3544 on Ubuntu 12.04 LTS (precise) - low. | 2011-10-19
oval:com.redhat.rhsa:def:20111384 | P | RHSA-2011:1384: java-1.6.0-sun security update (Critical) | 2011-10-19
oval:com.redhat.rhsa:def:20111380 | P | RHSA-2011:1380: java-1.6.0-openjdk security update (Critical) | 2011-10-18