Vulnerability Name:

CVE-2011-3561 (CCN-70833)

Assigned:2011-10-18
Published:2011-10-18
Updated:2022-05-13
Summary:Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVSS v3 Severity:3.1 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:1.8 Low (CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:N/A:N)
1.3 Low (Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
1.8 Low (CCN CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:N/A:N)
1.3 Low (CCN Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
1.8 Low (REDHAT CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:N/A:N)
1.3 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2011-3561

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:0114

Source: HP
Type: UNKNOWN
HPSBUX02730

Source: HP
Type: UNKNOWN
HPSBMU02799

Source: HP
Type: UNKNOWN
SSRT100867

Source: OSVDB
Type: UNKNOWN
76513

Source: CCN
Type: RHSA-2011-1384
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2012-0034
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2013-1455
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1455

Source: CCN
Type: SA46512
Oracle Java SE Multiple Vulnerabilities

Source: CCN
Type: SA46521
Oracle JRockit Multiple Vulnerabilities

Source: CCN
Type: SA47313
Attachmate Reflection for the Web Java Multiple Vulnerabilities

Source: CCN
Type: SA47464
IBM Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
48308

Source: CCN
Type: SA48323
VMware ESX / vCenter Server JRE Multiple Vulnerabilities

Source: CCN
Type: SA48335
VMware ESX Server / VirtualCenter JRE Multiple Vulnerabilities

Source: CCN
Type: SA50782
Avaya Communication Manager Oracle Java Multiple Vulnerabilities

Source: CCN
Type: SA53217
IBM Security AppScan Java Multiple Vulnerabilities

Source: CCN
Type: SA53219
IBM Security AppScan Java Multiple Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/developerworks/java/jdk/alerts/

Source: CCN
Type: Ibm Support and Download
Fixes contained in Java SDK 1.4.2 Service Refresh 13 Fix Packs

Source: CCN
Type: IBM Security Bulletin 1609022
Vulnerabilities in AppScan Standard

Source: CCN
Type: Oracle Java SE Critical Patch Update Advisory - October 2011
Oracle Java SE Critical Patch Update Advisory - October 2011

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Source: CCN
Type: OSVDB ID: 76513
Oracle Java SE / JRE Deployment Component Unspecified Remote Information Disclosure

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1384

Source: BID
Type: UNKNOWN
50250

Source: CCN
Type: BID-50250
Oracle Java SE CVE-2011-3561 Remote Java Runtime Environment Vulnerability

Source: SECTRACK
Type: UNKNOWN
1026215

Source: XF
Type: UNKNOWN
oracle-jre-unspec-info-disc(70833)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14274

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:javafx:2.0:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:sun:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.7.0:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_20:x64:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:*:update27:*:*:*:*:*:* (Version <= 1.6.0)

  • Configuration 4:
  • cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:*:update27:*:*:*:*:*:* (Version <= 1.6.0)
  • OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update24:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:oracle:javafx:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:7.9:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.0:-:standard:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.5:-:standard:*:*:*:*:*

  * Denotes that component is vulnerable

    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20113561
    V
    CVE-2011-3561
    2022-05-20
    oval:org.opensuse.security:def:33753
    P
    Security update for MozillaFirefox (Important)
    2021-12-12
    oval:org.opensuse.security:def:33714
    P
    Security update for openssl-1_1 (Low)
    2021-09-09
    oval:org.opensuse.security:def:32997
    P
    Security update for xen (Important)
    2021-09-06
    oval:org.opensuse.security:def:29415
    P
    Security update for bind (Moderate)
    2021-08-30
    oval:org.opensuse.security:def:32986
    P
    Security update for unrar (Moderate)
    2021-08-25
    oval:org.opensuse.security:def:32985
    P
    Security update for openssl (Important)
    2021-08-24
    oval:org.opensuse.security:def:34499
    P
    Security update for djvulibre (Important)
    2021-08-05
    oval:org.opensuse.security:def:34459
    P
    Security update for spice (Important)
    2021-06-08
    oval:org.opensuse.security:def:33777
    P
    Security update for openldap2 (Important)
    2021-03-03
    oval:org.opensuse.security:def:33076
    P
    Security update for bind (Important)
    2021-02-18
    oval:org.opensuse.security:def:33665
    P
    Security update for java-1_7_1-ibm (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:29330
    P
    Security update for compat-openssl097g (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30447
    P
    Security update for IBM Java 1.6.0
    2020-12-01
    oval:org.opensuse.security:def:29568
    P
    Security update for SDL (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33211
    P
    nagios-nrpe on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28976
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:33821
    P
    Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:29671
    P
    Security update for dhcpcd
    2020-12-01
    oval:org.opensuse.security:def:33363
    P
    Security update for openssl1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29056
    P
    Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:29728
    P
    Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:33608
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:29273
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:30410
    P
    Security update for xorg-x11-libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28975
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:29622
    P
    Security update for bsdtar (Important)
    2020-12-01
    oval:org.opensuse.security:def:33306
    P
    yast2-core on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28987
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:29710
    P
    Security update for Mozilla Firefox
    2020-12-01
    oval:org.opensuse.security:def:33451
    P
    Security update for GNOME screensaver
    2020-12-01
    oval:org.opensuse.security:def:29187
    P
    Security update for mysql (Important)
    2020-12-01
    oval:org.opensuse.security:def:29772
    P
    Security update for glibc (Important)
    2020-12-01
    oval:org.mitre.oval:def:19361
    V
    HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    2015-04-20
    oval:org.mitre.oval:def:14274
    V
    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
    2014-08-18
    oval:org.mitre.oval:def:23332
    P
    ELSA-2011:1384: java-1.6.0-sun security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:23157
    P
    ELSA-2012:0034: java-1.6.0-ibm security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:20940
    P
    RHSA-2012:0034: java-1.6.0-ibm security update (Critical)
    2014-02-24
    oval:org.mitre.oval:def:22009
    P
    RHSA-2011:1384: java-1.6.0-sun security update (Critical)
    2014-02-24
    oval:com.redhat.rhsa:def:20120034
    P
    RHSA-2012:0034: java-1.6.0-ibm security update (Critical)
    2012-01-18
    oval:com.redhat.rhsa:def:20111384
    P
    RHSA-2011:1384: java-1.6.0-sun security update (Critical)
    2011-10-19
    oracle javafx 2.0
    sun jre 1.7.0
    sun jdk 1.7.0
    sun jdk 1.6.0 update_4
    sun jdk 1.6.0 update_7
    sun jdk 1.6.0 update_19
    sun jdk 1.6.0 update_13
    sun jdk 1.6.0 update_3
    sun jdk 1.6.0 update_11
    sun jdk 1.6.0 update_10
    sun jdk 1.6.0 update_14
    sun jdk 1.6.0
    sun jdk 1.6.0 update_17
    sun jdk 1.6.0 update_21
    sun jdk 1.6.0 update_20
    sun jdk 1.6.0 update_16
    oracle jdk 1.6.0 update25
    oracle jdk 1.6.0 update26
    sun jdk 1.6.0 update1
    sun jdk 1.6.0 update2
    sun jdk 1.6.0 update_20
    sun jdk 1.6.0 update_12
    oracle jdk 1.6.0 update22
    sun jdk 1.6.0 update_18
    sun jdk 1.6.0 update_15
    oracle jdk 1.6.0 update23
    oracle jdk 1.6.0 update24
    sun jdk 1.6.0 update_5
    sun jdk 1.6.0 update_6
    sun jdk 1.6.0 update1_b06
    oracle jdk * update27
    sun jre 1.6.0 update_3
    sun jre 1.6.0 update_5
    sun jre 1.6.0 update_13
    sun jre 1.6.0 update_1
    sun jre 1.6.0 update_2
    sun jre 1.6.0 update_16
    sun jre 1.6.0 update_20
    sun jre 1.6.0 update_15
    sun jre 1.6.0 update_6
    sun jre 1.6.0 update_19
    sun jre 1.6.0 update_12
    sun jre 1.6.0 update_11
    sun jre 1.6.0 update_18
    oracle jre 1.6.0 update22
    sun jre 1.6.0 update_7
    sun jre 1.6.0 update_10
    sun jre 1.6.0 update_21
    sun jre 1.6.0
    sun jre 1.6.0 update_17
    oracle jre 1.6.0 update25
    oracle jre 1.6.0 update26
    sun jre 1.6.0 update_4
    oracle jre * update27
    sun jre 1.6.0 update_14
    oracle jre 1.6.0 update23
    oracle jre 1.6.0 update24
    oracle javafx 2.0
    sun jre 1.7.0
    sun jdk 1.7.0
    redhat rhel extras 4
    vmware esx server 4.0
    ibm java 1.4.2
    ibm java 6.0.0.0
    ibm security appscan 7.9 -
    ibm security appscan 8.0 -
    ibm security appscan 8.5 -