CVE-2011-3560

Executive Summary

Informations
Name	CVE-2011-3560	First vendor Publication	2011-10-19
Vendor	Cve	Last vendor Modification	2013-02-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score	6.4	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14394

Oval ID:	oval:org.mitre.oval:def:14394
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3560	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sun Jdk cpe:/a:sun:jdk:1.7.0 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jdk:1.6.0:update_19 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jdk:1.6.0:update_22 cpe:/a:sun:jdk:1.6.0:update_27 cpe:/a:sun:jdk:1.6.0:update_24 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:jdk:1.6.0:update_20 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jdk:1.6.0:update_21 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jdk:1.6.0:update_23 cpe:/a:sun:jdk:1.6.0:update_26 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jdk:1.6.0:update_25 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:jdk:1.5.0:update28 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:jdk:1.5.0:update31 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.5.0:update26 cpe:/a:sun:jdk:1.5.0:update27 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jdk:1.5.0:update22 cpe:/a:sun:jdk:1.5.0:update24 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jdk:1.5.0:update29 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:jdk:1.5.0:update7_b03 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:jdk:1.5.0:update25 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jdk:1.5.0:update11_b03 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.4.2_9 cpe:/a:sun:jdk:1.4.2_8 cpe:/a:sun:jdk:1.4.2_7 cpe:/a:sun:jdk:1.4.2_6 cpe:/a:sun:jdk:1.4.2_5 cpe:/a:sun:jdk:1.4.2_4 cpe:/a:sun:jdk:1.4.2_33 cpe:/a:sun:jdk:1.4.2_32 cpe:/a:sun:jdk:1.4.2_31 cpe:/a:sun:jdk:1.4.2_30 cpe:/a:sun:jdk:1.4.2_3 cpe:/a:sun:jdk:1.4.2_29 cpe:/a:sun:jdk:1.4.2_28 cpe:/a:sun:jdk:1.4.2_27 cpe:/a:sun:jdk:1.4.2_26 cpe:/a:sun:jdk:1.4.2_25 cpe:/a:sun:jdk:1.4.2_24 cpe:/a:sun:jdk:1.4.2_23 cpe:/a:sun:jdk:1.4.2_22 cpe:/a:sun:jdk:1.4.2_21 cpe:/a:sun:jdk:1.4.2_20 cpe:/a:sun:jdk:1.4.2_2 cpe:/a:sun:jdk:1.4.2_19 cpe:/a:sun:jdk:1.4.2_18 cpe:/a:sun:jdk:1.4.2_17 cpe:/a:sun:jdk:1.4.2_16 cpe:/a:sun:jdk:1.4.2_15 cpe:/a:sun:jdk:1.4.2_14 cpe:/a:sun:jdk:1.4.2_13 cpe:/a:sun:jdk:1.4.2_12 cpe:/a:sun:jdk:1.4.2_11 cpe:/a:sun:jdk:1.4.2_10 cpe:/a:sun:jdk:1.4.2_1 cpe:/a:sun:jdk:1.4.2	94
Application	Sun Jre cpe:/a:sun:jre:1.7.0 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_19 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:jre:1.6.0:update_24 cpe:/a:sun:jre:1.6.0:update_26 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.6.0:update_23 cpe:/a:sun:jre:1.6.0:update_20 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jre:1.6.0:update_22 cpe:/a:sun:jre:1.6.0:update_21 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.6.0:update_27 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_25 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jre:1.5.0:update29 cpe:/a:sun:jre:1.5.0:update25 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update22 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:jre:1.5.0:update31 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update26 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update24 cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.5.0:update27 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jre:1.4.2_9 cpe:/a:sun:jre:1.4.2_8 cpe:/a:sun:jre:1.4.2_7 cpe:/a:sun:jre:1.4.2_6 cpe:/a:sun:jre:1.4.2_5 cpe:/a:sun:jre:1.4.2_4 cpe:/a:sun:jre:1.4.2_33 cpe:/a:sun:jre:1.4.2_32 cpe:/a:sun:jre:1.4.2_31 cpe:/a:sun:jre:1.4.2_30 cpe:/a:sun:jre:1.4.2_3 cpe:/a:sun:jre:1.4.2_29 cpe:/a:sun:jre:1.4.2_28 cpe:/a:sun:jre:1.4.2_27 cpe:/a:sun:jre:1.4.2_26 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jre:1.4.2_2 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:jre:1.4.2	91

Open Source Vulnerability Database (OSVDB)

id	Description
76507	Oracle Java SE JRE JSSE Component Unspecified Remote Issue

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/50236
CONFIRM	http://www.ibm.com/developerworks/java/jdk/alerts/ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
HP	http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=132750579901589&w=2
OSVDB	http://osvdb.org/76507
REDHAT	http://www.redhat.com/support/errata/RHSA-2011-1384.html http://www.redhat.com/support/errata/RHSA-2012-0006.html
SECTRACK	http://www.securitytracker.com/id?1026215
SECUNIA	http://secunia.com/advisories/48692 http://secunia.com/advisories/48915 http://secunia.com/advisories/48948 http://secunia.com/advisories/49198
SUSE	http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
XF	http://xforce.iss.net/xforce/xfdb/70834

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:07:47	Multiple Updates
2013-02-15 13:20:09	Multiple Updates
2012-12-06 13:19:45	Multiple Updates
2012-11-07 05:20:59	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	185
osvdb(s)	1

Related	Severity
USN-1263-2	(Critical)
USN-1263-1	(Critical)
RHSA-2012:0508	(Critical)
RHSA-2012:0034	(Critical)
RHSA-2012:0006	(Critical)
RHSA-2011:1384	(Critical)
RHSA-2011:1380	(Critical)
MDVSA-2011:170	(Critical)
HPSBUX02777 SSR...	(Critical)
HPSBUX02760 SSR...	(Critical)
HPSBUX02730 SSR...	(Critical)
HPSBMU02799 SSR...	(Critical)
HPSBMU02797 SSR...	(Critical)
GLSA-201111-02	(Critical)
DSA-2358	(Critical)
DSA-2356	(Critical)