Vulnerability CVE-2011-3553 - CERT Civis.Net

Vulnerability Name:

CVE-2011-3553 (CCN-70840)

Assigned:

2011-10-18

Published:

2011-10-18

Updated:

2018-01-06

Summary:

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.

CVSS v3 Severity:

2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.5 Low (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.6 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2011-3553

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:0114

Source: HP
Type: UNKNOWN
HPSBUX02730

Source: HP
Type: UNKNOWN
HPSBMU02799

Source: HP
Type: UNKNOWN
SSRT100867

Source: OSVDB
Type: UNKNOWN
76512

Source: CCN
Type: RHSA-2011-1380
Critical: java-1.6.0-openjdk security update

Source: CCN
Type: RHSA-2011-1384
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2012-0034
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2013-1455
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1455

Source: CCN
Type: SA46512
Oracle Java SE Multiple Vulnerabilities

Source: CCN
Type: SA46521
Oracle JRockit Multiple Vulnerabilities

Source: CCN
Type: SA46694
Hitachi Cosminexus Products Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
48308

Source: CCN
Type: SA53217
IBM Security AppScan Java Multiple Vulnerabilities

Source: CCN
Type: SA53219
IBM Security AppScan Java Multiple Vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-201406-32

Source: DEBIAN
Type: DSA-2356
openjdk-6 -- several vulnerabilities

Source: DEBIAN
Type: DSA-2358
openjdk-6 -- several vulnerabilities

Source: CCN
Type: Hitachi Security Vulnerability Information HS11-024
Multiple Vulnerabilities in Cosminexus

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/developerworks/java/jdk/alerts/

Source: CCN
Type: IBM Security Bulletin 1609022
Vulnerabilities in AppScan Standard

Source: CCN
Type: Oracle Java SE Critical Patch Update Advisory - October 2011
Oracle Java SE Critical Patch Update Advisory - October 2011

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Source: CCN
Type: OSVDB ID: 76512
Oracle Java SE / JRE JAXWS Component Unspecified Remote Information Disclosure

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1384

Source: BID
Type: UNKNOWN
50246

Source: CCN
Type: BID-50246
Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability

Source: SECTRACK
Type: UNKNOWN
1026215

Source: UBUNTU
Type: UNKNOWN
USN-1263-1

Source: XF
Type: UNKNOWN
oracle-jre-jaxws-info-disc(70840)

Source: XF
Type: UNKNOWN
oracle-jre-jaxws-info-disc(70840)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14311

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jdk:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.7.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:oracle:jrockit:r28.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.1.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:*:*:*:*:*:*:*:* (Version <= r28.1.4)

Configuration 3:

cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*

OR cpe:/a:sun:jdk:*:update_27:*:*:*:*:*:* (Version <= 1.6.0)

OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_21:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_22:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_23:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_24:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_25:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_26:*:*:*:*:*:*

OR cpe:/a:sun:jre:*:update_27:*:*:*:*:*:* (Version <= 1.6.0)

OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:jrockit:r28.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.1.3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.1.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:jrockit:r28.0.1:*:*:*:*:*:*:*

AND

cpe:/a:hitachi:cosminexus_application_server:5:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_application_server:6:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_client:06-70-/f:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_operator:07-00-05:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_content_manager:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_developer:6:-:standard:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_developer:6:-:pro:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_eus:6.1.z:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:7.9:-:standard:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.0:-:standard:*:*:*:*:*

OR cpe:/a:ibm:security_appscan:8.5:-:standard:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20113553	V	CVE-2011-3553	2022-05-20
oval:org.opensuse.security:def:33753	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:33714	P	Security update for openssl-1_1 (Low)	2021-09-09
oval:org.opensuse.security:def:32997	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:29415	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:32986	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:32985	P	Security update for openssl (Important)	2021-08-24
oval:org.opensuse.security:def:34499	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:34459	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:33777	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:33076	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:33665	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:28987	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:29710	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:33451	P	Security update for GNOME screensaver	2020-12-01
oval:org.opensuse.security:def:29187	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:29772	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:29330	P	Security update for compat-openssl097g (Moderate)	2020-12-01
oval:org.opensuse.security:def:30447	P	Security update for IBM Java 1.6.0	2020-12-01
oval:org.opensuse.security:def:29568	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:33211	P	nagios-nrpe on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28976	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:33821	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:29671	P	Security update for dhcpcd	2020-12-01
oval:org.opensuse.security:def:33363	P	Security update for openssl1 (Important)	2020-12-01
oval:org.opensuse.security:def:29056	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29728	P	Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:33608	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:29273	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:30410	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28975	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:29622	P	Security update for bsdtar (Important)	2020-12-01
oval:org.opensuse.security:def:33306	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:19683	V	HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities	2015-04-20
oval:org.mitre.oval:def:14311	V	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.	2014-08-18
oval:org.mitre.oval:def:15328	P	USN-1263-2 -- OpenJDK 6 regression	2014-06-30
oval:org.mitre.oval:def:15316	P	USN-1263-1 -- IcedTea-Web, OpenJDK 6 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:15374	P	DSA-2358-1 openjdk-6 -- several	2014-06-23
oval:org.mitre.oval:def:15281	P	DSA-2356-1 openjdk-6 -- several	2014-06-23
oval:org.mitre.oval:def:23332	P	ELSA-2011:1384: java-1.6.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:23746	P	ELSA-2011:1380: java-1.6.0-openjdk security update (Critical)	2014-05-26
oval:org.mitre.oval:def:23157	P	ELSA-2012:0034: java-1.6.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:21558	P	RHSA-2011:1380: java-1.6.0-openjdk security update (Critical)	2014-02-24
oval:org.mitre.oval:def:22009	P	RHSA-2011:1384: java-1.6.0-sun security update (Critical)	2014-02-24
oval:org.mitre.oval:def:20940	P	RHSA-2012:0034: java-1.6.0-ibm security update (Critical)	2014-02-24
oval:com.redhat.rhsa:def:20120034	P	RHSA-2012:0034: java-1.6.0-ibm security update (Critical)	2012-01-18
oval:com.redhat.rhsa:def:20111384	P	RHSA-2011:1384: java-1.6.0-sun security update (Critical)	2011-10-19
oval:com.ubuntu.precise:def:20113553000	V	CVE-2011-3553 on Ubuntu 12.04 LTS (precise) - medium.	2011-10-19
oval:com.redhat.rhsa:def:20111380	P	RHSA-2011:1380: java-1.6.0-openjdk security update (Critical)	2011-10-18