Vulnerability Name: CVE-2011-3550 (CCN-70843)

Assigned: 2011-10-18
Published: 2011-10-18
Updated: 2018-01-06
Summary: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2011-3550

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:0114

Source: HP
Type: UNKNOWN
HPSBUX02730

Source: HP
Type: UNKNOWN
HPSBMU02799

Source: HP
Type: UNKNOWN
SSRT100867

Source: CCN
Type: RHSA-2011-1384
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2012-0034
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2013-1455
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1455

Source: CCN
Type: SA46512
Oracle Java SE Multiple Vulnerabilities

Source: CCN
Type: SA46521
Oracle JRockit Multiple Vulnerabilities

Source: CCN
Type: SA46694
Hitachi Cosminexus Products Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
48308

Source: CCN
Type: SA53217
IBM Security AppScan Java Multiple Vulnerabilities

Source: CCN
Type: SA53219
IBM Security AppScan Java Multiple Vulnerabilities

Source: CCN
Type: Hitachi Security Vulnerability Information HS11-024
Multiple Vulnerabilities in Cosminexus

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/developerworks/java/jdk/alerts/

Source: CCN
Type: IBM Security Bulletin 1609022
Vulnerabilities in AppScan Standard

Source: CCN
Type: Oracle Java SE Critical Patch Update Advisory - October 2011
Oracle Java SE Critical Patch Update Advisory - October 2011

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Source: CCN
Type: OSVDB ID: 76503
Oracle Java SE / JRE AWT Component Unspecified Remote Issue (2011-3550)

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1384

Source: BID
Type: UNKNOWN
50226

Source: CCN
Type: BID-50226
Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability

Source: SECTRACK
Type: UNKNOWN
1026215

Source: XF
Type: UNKNOWN
oracle-jre-awt-unspecified(70843)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14162

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sun:jdk:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.7.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:*:update_27:*:*:*:*:*:* (Version <= 1.6.0)
  • OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:*:update_27:*:*:*:*:*:* (Version <= 1.6.0)
  • OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:sun:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:hitachi:cosminexus_application_server:5:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server:6:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_client:06-70-/f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_operator:07-00-05:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_content_manager:*:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_developer:6:-:standard:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_developer:6:-:pro:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:7.9:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.0:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.5:-:standard:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20113550 | V | CVE-2011-3550 | 2022-05-20
oval:org.opensuse.security:def:33753 | P | Security update for MozillaFirefox (Important) | 2021-12-12
oval:org.opensuse.security:def:33714 | P | Security update for openssl-1_1 (Low) | 2021-09-09
oval:org.opensuse.security:def:32997 | P | Security update for xen (Important) | 2021-09-06
oval:org.opensuse.security:def:29415 | P | Security update for bind (Moderate) | 2021-08-30
oval:org.opensuse.security:def:32986 | P | Security update for unrar (Moderate) | 2021-08-25
oval:org.opensuse.security:def:32985 | P | Security update for openssl (Important) | 2021-08-24
oval:org.opensuse.security:def:34499 | P | Security update for djvulibre (Important) | 2021-08-05
oval:org.opensuse.security:def:34459 | P | Security update for spice (Important) | 2021-06-08
oval:org.opensuse.security:def:33777 | P | Security update for openldap2 (Important) | 2021-03-03
oval:org.opensuse.security:def:33076 | P | Security update for bind (Important) | 2021-02-18
oval:org.opensuse.security:def:33665 | P | Security update for java-1_7_1-ibm (Moderate) | 2021-01-04
oval:org.opensuse.security:def:29330 | P | Security update for compat-openssl097g (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30447 | P | Security update for IBM Java 1.6.0 | 2020-12-01
oval:org.opensuse.security:def:29568 | P | Security update for SDL (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33211 | P | nagios-nrpe on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28976 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:33821 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:29671 | P | Security update for dhcpcd | 2020-12-01
oval:org.opensuse.security:def:33363 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:29056 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:29728 | P | Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:33608 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:29273 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:30410 | P | Security update for xorg-x11-libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28975 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:29622 | P | Security update for bsdtar (Important) | 2020-12-01
oval:org.opensuse.security:def:33306 | P | yast2-core on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28987 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:29710 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:33451 | P | Security update for GNOME screensaver | 2020-12-01
oval:org.opensuse.security:def:29187 | P | Security update for mysql (Important) | 2020-12-01
oval:org.opensuse.security:def:29772 | P | Security update for glibc (Important) | 2020-12-01
oval:org.mitre.oval:def:18833 | V | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | 2015-04-20
oval:org.mitre.oval:def:14162 | V | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. | 2014-08-18
oval:org.mitre.oval:def:23332 | P | ELSA-2011:1384: java-1.6.0-sun security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:23157 | P | ELSA-2012:0034: java-1.6.0-ibm security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:20940 | P | RHSA-2012:0034: java-1.6.0-ibm security update (Critical) | 2014-02-24
oval:org.mitre.oval:def:22009 | P | RHSA-2011:1384: java-1.6.0-sun security update (Critical) | 2014-02-24
oval:com.redhat.rhsa:def:20120034 | P | RHSA-2012:0034: java-1.6.0-ibm security update (Critical) | 2012-01-18
oval:com.redhat.rhsa:def:20111384 | P | RHSA-2011:1384: java-1.6.0-sun security update (Critical) | 2011-10-19
    sun jdk 1.7.0
    sun jre 1.7.0
    sun jdk 1.6.0
    sun jdk 1.6.0 update1
    sun jdk 1.6.0 update2
    sun jdk 1.6.0 update_10
    sun jdk 1.6.0 update_11
    sun jdk 1.6.0 update_12
    sun jdk 1.6.0 update_13
    sun jdk 1.6.0 update_14
    sun jdk 1.6.0 update_15
    sun jdk 1.6.0 update_16
    sun jdk 1.6.0 update_17
    sun jdk 1.6.0 update_18
    sun jdk 1.6.0 update_19
    sun jdk 1.6.0 update_20
    sun jdk 1.6.0 update_21
    sun jdk 1.6.0 update_22
    sun jdk 1.6.0 update_23
    sun jdk 1.6.0 update_24
    sun jdk 1.6.0 update_25
    sun jdk 1.6.0 update_26
    sun jdk * update_27
    sun jdk 1.6.0 update_3
    sun jdk 1.6.0 update_4
    sun jdk 1.6.0 update_5
    sun jdk 1.6.0 update_6
    sun jdk 1.6.0 update_7
    sun jre 1.6.0
    sun jre 1.6.0 update_1
    sun jre 1.6.0 update_10
    sun jre 1.6.0 update_11
    sun jre 1.6.0 update_12
    sun jre 1.6.0 update_13
    sun jre 1.6.0 update_14
    sun jre 1.6.0 update_15
    sun jre 1.6.0 update_16
    sun jre 1.6.0 update_17
    sun jre 1.6.0 update_18
    sun jre 1.6.0 update_19
    sun jre 1.6.0 update_2
    sun jre 1.6.0 update_20
    sun jre 1.6.0 update_21
    sun jre 1.6.0 update_22
    sun jre 1.6.0 update_23
    sun jre 1.6.0 update_24
    sun jre 1.6.0 update_25
    sun jre 1.6.0 update_26
    sun jre * update_27
    sun jre 1.6.0 update_3
    sun jre 1.6.0 update_4
    sun jre 1.6.0 update_5
    sun jre 1.6.0 update_6
    sun jre 1.6.0 update_7
    sun jre 1.7.0
    sun jdk 1.7.0
    hitachi cosminexus application server 5
    hitachi cosminexus application server 6
    redhat rhel extras 4
    hitachi ucosminexus service architect *
    hitachi ucosminexus client 06-70-/f
    hitachi ucosminexus operator 07-00-05
    hitachi ucosminexus service platform *
    hitachi ucosminexus content manager *
    hitachi cosminexus developer 6 -
    hitachi ucosminexus developer 6 -
    ibm security appscan 7.9 -
    ibm security appscan 8.0 -
    ibm security appscan 8.5 -