Executive Summary

Informations
NameCVE-2011-3560First vendor Publication2011-10-19
VendorCveLast vendor Modification2014-02-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score6.4Attack RangeNetwork
Cvss Impact Score4.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21558
 
Oval ID: oval:org.mitre.oval:def:21558
Title: RHSA-2011:1380: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Family: unix Class: patch
Reference(s): RHSA-2011:1380-01
CESA-2011:1380
CVE-2011-3389
CVE-2011-3521
CVE-2011-3544
CVE-2011-3547
CVE-2011-3548
CVE-2011-3551
CVE-2011-3552
CVE-2011-3553
CVE-2011-3554
CVE-2011-3556
CVE-2011-3557
CVE-2011-3558
CVE-2011-3560
Version: 159
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21364
 
Oval ID: oval:org.mitre.oval:def:21364
Title: RHSA-2012:0006: java-1.4.2-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Family: unix Class: patch
Reference(s): RHSA-2012:0006-01
CVE-2011-3389
CVE-2011-3545
CVE-2011-3547
CVE-2011-3548
CVE-2011-3549
CVE-2011-3552
CVE-2011-3556
CVE-2011-3557
CVE-2011-3560
Version: 107
Platform(s): Red Hat Enterprise Linux 5
Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19792
 
Oval ID: oval:org.mitre.oval:def:19792
Title: HP-UX Running Java JRE and JDK, Remote Denial of Service (DoS), Unauthorized Modification and Disclosure of Information
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3560
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14394
 
Oval ID: oval:org.mitre.oval:def:14394
Title: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3560
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Development Kit
Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23746
 
Oval ID: oval:org.mitre.oval:def:23746
Title: ELSA-2011:1380: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Family: unix Class: patch
Reference(s): ELSA-2011:1380-01
CVE-2011-3389
CVE-2011-3521
CVE-2011-3544
CVE-2011-3547
CVE-2011-3548
CVE-2011-3551
CVE-2011-3552
CVE-2011-3553
CVE-2011-3554
CVE-2011-3556
CVE-2011-3557
CVE-2011-3558
CVE-2011-3560
Version: 50
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23077
 
Oval ID: oval:org.mitre.oval:def:23077
Title: ELSA-2012:0006: java-1.4.2-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Family: unix Class: patch
Reference(s): ELSA-2012:0006-01
CVE-2011-3389
CVE-2011-3545
CVE-2011-3547
CVE-2011-3548
CVE-2011-3549
CVE-2011-3552
CVE-2011-3556
CVE-2011-3557
CVE-2011-3560
Version: 34
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22840
 
Oval ID: oval:org.mitre.oval:def:22840
Title: ELSA-2011:1380: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Family: unix Class: patch
Reference(s): ELSA-2011:1380-01
CVE-2011-3389
CVE-2011-3521
CVE-2011-3544
CVE-2011-3547
CVE-2011-3548
CVE-2011-3551
CVE-2011-3552
CVE-2011-3553
CVE-2011-3554
CVE-2011-3556
CVE-2011-3557
CVE-2011-3558
CVE-2011-3560
Version: 50
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application94
Application91

OpenVAS Exploits

DateDescription
2012-10-19Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351
File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl
2012-10-19Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351
File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl
2012-09-22Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127
File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl
2012-09-04Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138
File : nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl
2012-07-30Name : CentOS Update for java CESA-2011:1380 centos5 x86_64
File : nvt/gb_CESA-2011_1380_java_centos5_x86_64.nasl
2012-06-19Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541
File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl
2012-06-19Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545
File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl
2012-06-19Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593
File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl
2012-04-02Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-1690
File : nvt/gb_fedora_2012_1690_java-1.7.0-openjdk_fc16.nasl
2012-04-02Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1711
File : nvt/gb_fedora_2012_1711_java-1.6.0-openjdk_fc16.nasl
2012-04-02Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-15020
File : nvt/gb_fedora_2011_15020_java-1.6.0-openjdk_fc16.nasl
2012-03-19Name : Fedora Update for java-1.7.0-openjdk FEDORA-2011-15555
File : nvt/gb_fedora_2011_15555_java-1.7.0-openjdk_fc16.nasl
2012-03-09Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721
File : nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201111_02.nasl
2012-02-11Name : Debian Security Advisory DSA 2356-1 (openjdk-6)
File : nvt/deb_2356_1.nasl
2012-02-11Name : Debian Security Advisory DSA 2358-1 (openjdk-6)
File : nvt/deb_2358_1.nasl
2012-01-25Name : Ubuntu Update for openjdk-6 USN-1263-2
File : nvt/gb_ubuntu_USN_1263_2.nasl
2011-11-18Name : Ubuntu Update for icedtea-web USN-1263-1
File : nvt/gb_ubuntu_USN_1263_1.nasl
2011-11-15Name : Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01)
File : nvt/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl
2011-11-14Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2011_170.nasl
2011-10-21Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:1380-01
File : nvt/gb_RHSA-2011_1380-01_java-1.6.0-openjdk.nasl
2011-10-21Name : CentOS Update for java CESA-2011:1380 centos5 i386
File : nvt/gb_CESA-2011_1380_java_centos5_i386.nasl
2011-10-21Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638
File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl
2011-10-21Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14648
File : nvt/gb_fedora_2011_14648_java-1.6.0-openjdk_fc15.nasl
0000-00-00Name : Java for Mac OS X 10.6 Update 6 And 10.7 Update 1
File : nvt/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
76507Oracle Java SE JRE JSSE Component Unspecified Remote Issue

Information Assurance Vulnerability Management (IAVM)

DateDescription
2012-03-29IAVM : 2012-A-0048 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.0
Severity : Category I - VMSKEY : V0031901

Nessus® Vulnerability Scanner

DateDescription
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-10.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1380.nasl - Type : ACT_GATHER_INFO
2013-02-22Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_oct_2011_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111018_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111019_java_1_6_0_sun_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-04-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0508.nasl - Type : ACT_GATHER_INFO
2012-03-09Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2012-0003.nasl - Type : ACT_GATHER_INFO
2012-02-29Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-120223.nasl - Type : ACT_GATHER_INFO
2012-02-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-120105.nasl - Type : ACT_GATHER_INFO
2012-01-25Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1263-2.nasl - Type : ACT_GATHER_INFO
2012-01-25Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-7908.nasl - Type : ACT_GATHER_INFO
2012-01-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-7926.nasl - Type : ACT_GATHER_INFO
2012-01-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0034.nasl - Type : ACT_GATHER_INFO
2012-01-12Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2358.nasl - Type : ACT_GATHER_INFO
2012-01-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0006.nasl - Type : ACT_GATHER_INFO
2011-12-02Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2356.nasl - Type : ACT_GATHER_INFO
2011-11-17Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1263-1.nasl - Type : ACT_GATHER_INFO
2011-11-14Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-170.nasl - Type : ACT_GATHER_INFO
2011-11-14Name : The remote Fedora host is missing a security update.
File : fedora_2011-15555.nasl - Type : ACT_GATHER_INFO
2011-11-09Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update6.nasl - Type : ACT_GATHER_INFO
2011-11-09Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_7_update1.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2011-15020.nasl - Type : ACT_GATHER_INFO
2011-10-20Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO
2011-10-20Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_oct_2011.nasl - Type : ACT_GATHER_INFO
2011-10-20Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1384.nasl - Type : ACT_GATHER_INFO
2011-10-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/50236
CONFIRMhttp://www.ibm.com/developerworks/java/jdk/alerts/
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
HPhttp://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=132750579901589&w=2
OSVDBhttp://osvdb.org/76507
REDHAThttp://rhn.redhat.com/errata/RHSA-2013-1455.html
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
SECTRACKhttp://www.securitytracker.com/id?1026215
SECUNIAhttp://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
UBUNTUhttp://www.ubuntu.com/usn/USN-1263-1
XFhttp://xforce.iss.net/xforce/xfdb/70834

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
DateInformations
2014-02-17 11:05:21
  • Multiple Updates
2014-02-07 13:19:52
  • Multiple Updates
2013-11-11 12:39:37
  • Multiple Updates
2013-10-31 13:19:05
  • Multiple Updates
2013-05-10 23:07:47
  • Multiple Updates
2013-02-15 13:20:09
  • Multiple Updates
2012-12-06 13:19:45
  • Multiple Updates
2012-11-07 05:20:59
  • Multiple Updates