RHSA-2011:1384

Executive Summary

Summary
Title	java-1.6.0-sun security update

Informations
Name	RHSA-2011:1384	First vendor Publication	2011-10-19
Vendor	RedHat	Last vendor Modification	2011-10-19
Severity (Vendor)	Critical	Revision	01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise
Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch page, listed in the References section. (CVE-2011-3389,
CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,
CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551,
CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556,
CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide JDK and JRE 6 Update 29 and resolve these issues.
All running instances of Sun Java must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)
745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)
745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)
747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)
747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)
747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)
747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)
747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2011-1384.html

CWE : Common Weakness Enumeration

id	Name
CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14752

Oval ID:	oval:org.mitre.oval:def:14752
Title:	SSL and TLS Protocols Vulnerability
Description:	The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3389	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):
Definition Synopsis:
Vulnerable Microsoft Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND the version of schannel.dll is less than 5.1.2600.6175 OR Vulnerable Microsoft Windows XP SP2 x64, Windows Server 2003 x86/x64/ia64 SP2 Microsoft Windows XP SP2 x64, Windows Server 2003 x86/x64/ia64 SP2 Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of schannel.dll is less than 5.2.3790.4935 OR Vulnerable Microsoft Windows Vista x86/x64 SP2, Server 2008 x86/x64/ia64 SP2 Microsoft Windows Vista x86/x64 SP2, Server 2008 x86/x64/ia64 SP2 Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND GDR or LDR Service branch the version of schannel.dll is less than 6.0.6002.18541 OR LDR the version of schannel.dll is greater than or equal to 6.0.6002.22000 AND the version of schannel.dll is less than 6.0.6002.22742 OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x64/ia64 Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x64/ia64 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND GDR or LDR Service branch the version of schannel.dll is less than 6.1.7600.16915 OR LDR the version of schannel.dll is greater than or equal to 6.1.7600.20000 AND the version of schannel.dll is less than 6.1.7600.21092 OR Vulnerable Microsoft Windows 7 x86/x64 SP1, Windows Server 2008 R2 x64/ia64 SP1 Microsoft Windows 7 x86/x64 SP1, Windows Server 2008 R2 x64/ia64 SP1 Microsoft Windows 7 (32-bit) Service Pack 1 is installed AND Microsoft Windows 7 x64 Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed AND GDR or LDR Service branch the version of schannel.dll is less than 6.1.7601.17725 OR LDR the version of schannel.dll is greater than or equal to 6.1.7601.21000 AND the version of schannel.dll is less than 6.1.7601.21861

Definition Id: oval:org.mitre.oval:def:14273

Oval ID:	oval:org.mitre.oval:def:14273
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3516	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed

Definition Id: oval:org.mitre.oval:def:13662

Oval ID:	oval:org.mitre.oval:def:13662
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3521	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:13947

Oval ID:	oval:org.mitre.oval:def:13947
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3544	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed

Definition Id: oval:org.mitre.oval:def:14180

Oval ID:	oval:org.mitre.oval:def:14180
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3545	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed

Definition Id: oval:org.mitre.oval:def:14291

Oval ID:	oval:org.mitre.oval:def:14291
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3546	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed

Definition Id: oval:org.mitre.oval:def:14339

Oval ID:	oval:org.mitre.oval:def:14339
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3547	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14492

Oval ID:	oval:org.mitre.oval:def:14492
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3548	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:13885

Oval ID:	oval:org.mitre.oval:def:13885
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3549	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed

Definition Id: oval:org.mitre.oval:def:14162

Oval ID:	oval:org.mitre.oval:def:14162
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3550	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed

Definition Id: oval:org.mitre.oval:def:14318

Oval ID:	oval:org.mitre.oval:def:14318
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3551	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed

Definition Id: oval:org.mitre.oval:def:14465

Oval ID:	oval:org.mitre.oval:def:14465
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3552	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14311

Oval ID:	oval:org.mitre.oval:def:14311
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3553	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed

Definition Id: oval:org.mitre.oval:def:14524

Oval ID:	oval:org.mitre.oval:def:14524
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3554	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14400

Oval ID:	oval:org.mitre.oval:def:14400
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3555	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14316

Oval ID:	oval:org.mitre.oval:def:14316
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3556	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14373

Oval ID:	oval:org.mitre.oval:def:14373
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3557	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:13475

Oval ID:	oval:org.mitre.oval:def:13475
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3558	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed

Definition Id: oval:org.mitre.oval:def:14394

Oval ID:	oval:org.mitre.oval:def:14394
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3560	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Development Kit Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Development Kit is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Development Kit is less than 1.5.0:update32 AND Java SE Development Kit 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.5.0:update32 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update32 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14274

Oval ID:	oval:org.mitre.oval:def:14274
Title:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Description:	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3561	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment Java Development Kit
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_28 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_1 AND Java SE Runtime Environment 7 is installed OR Determine if the version of Java Development Kit is less than 1.6.0:update_28 and is greater than or equal to 1.6.0 Determine if the version of Java Development Kit is less than 1.6.0:update_28 AND Java SE Development Kit 6 is installed OR Determine if the version of Java Development Kit is less than 1.7.0:update_1 and is greater than or equal to 1.7.0 Determine if the version of Java Development Kit is less than 1.7.0:update_1 AND Java SE Development Kit 7 is installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Google Chrome cpe:/a:google:chrome	1
Application	Microsoft Ie cpe:/a:microsoft:ie	1
Application	Mozilla Firefox cpe:/a:mozilla:firefox	1
Application	Opera Opera Browser cpe:/a:opera:opera_browser	1
Application	Oracle Javafx cpe:/a:oracle:javafx:2.0	1
Application	Oracle Jdk cpe:/a:oracle:jdk:1.7.0 cpe:/a:oracle:jdk:1.6.0:update_25 cpe:/a:oracle:jdk:1.6.0:update_26 cpe:/a:oracle:jdk:1.6.0:update_22 cpe:/a:oracle:jdk:1.6.0:update_23 cpe:/a:oracle:jdk:1.6.0:update_24 cpe:/a:oracle:jdk:1.6.0:update_27	7
Application	Oracle Jre cpe:/a:oracle:jre:1.7.0 cpe:/a:oracle:jre:1.6.0:update_24 cpe:/a:oracle:jre:1.6.0:update_26 cpe:/a:oracle:jre:1.6.0:update_22 cpe:/a:oracle:jre:1.6.0:update_23 cpe:/a:oracle:jre:1.6.0:update_27 cpe:/a:oracle:jre:1.6.0:update_25	7
Application	Oracle Jrockit cpe:/a:oracle:jrockit:r28.1.4 cpe:/a:oracle:jrockit:r28.1.3 cpe:/a:oracle:jrockit:r28.1.1 cpe:/a:oracle:jrockit:r28.1.0 cpe:/a:oracle:jrockit:r28.0.2 cpe:/a:oracle:jrockit:r28.0.1 cpe:/a:oracle:jrockit:r28.0.0	7
Application	Sun Jdk cpe:/a:sun:jdk:1.7.0 cpe:/a:sun:jdk:1.6.0:update_17 cpe:/a:sun:jdk:1.6.0:update_7 cpe:/a:sun:jdk:1.6.0:update_26 cpe:/a:sun:jdk:1.6.0:update_10 cpe:/a:sun:jdk:1.6.0:update_14 cpe:/a:sun:jdk:1.6.0:update_24 cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jdk:1.6.0:update_12 cpe:/a:sun:jdk:1.6.0:update_11 cpe:/a:sun:jdk:1.6.0:update_21 cpe:/a:sun:jdk:1.6.0 cpe:/a:sun:jdk:1.6.0:update_15 cpe:/a:sun:jdk:1.6.0:update_23 cpe:/a:sun:jdk:1.6.0:update_18 cpe:/a:sun:jdk:1.6.0:update_19 cpe:/a:sun:jdk:1.6.0:update_4 cpe:/a:sun:jdk:1.6.0:update_3 cpe:/a:sun:jdk:1.6.0:update_27 cpe:/a:sun:jdk:1.6.0:update_22 cpe:/a:sun:jdk:1.6.0:update_16 cpe:/a:sun:jdk:1.6.0:update_5 cpe:/a:sun:jdk:1.6.0:update_20 cpe:/a:sun:jdk:1.6.0:update_6 cpe:/a:sun:jdk:1.6.0:update_13 cpe:/a:sun:jdk:1.6.0:update_25 cpe:/a:sun:jdk:1.6.0:update_20:x64 cpe:/a:sun:jdk:1.6.0:update1_b06 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jdk:1.5.0:update13 cpe:/a:sun:jdk:1.5.0 cpe:/a:sun:jdk:1.5.0:update23 cpe:/a:sun:jdk:1.5.0:update28 cpe:/a:sun:jdk:1.5.0:update21 cpe:/a:sun:jdk:1.5.0:update19 cpe:/a:sun:jdk:1.5.0:update15 cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:jdk:1.5.0:update17 cpe:/a:sun:jdk:1.5.0:update11_b03 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jdk:1.5.0:update16 cpe:/a:sun:jdk:1.5.0:update31 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update27 cpe:/a:sun:jdk:1.5.0:update6 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.5.0:update14 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.5.0:update25 cpe:/a:sun:jdk:1.5.0:update7_b03 cpe:/a:sun:jdk:1.5.0:update26 cpe:/a:sun:jdk:1.5.0:update20 cpe:/a:sun:jdk:1.5.0:update22 cpe:/a:sun:jdk:1.5.0:update24 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jdk:1.5.0:update29 cpe:/a:sun:jdk:1.5.0:update18 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:jdk:1.4.2_9 cpe:/a:sun:jdk:1.4.2_8 cpe:/a:sun:jdk:1.4.2_7 cpe:/a:sun:jdk:1.4.2_6 cpe:/a:sun:jdk:1.4.2_5 cpe:/a:sun:jdk:1.4.2_4 cpe:/a:sun:jdk:1.4.2_33 cpe:/a:sun:jdk:1.4.2_32 cpe:/a:sun:jdk:1.4.2_31 cpe:/a:sun:jdk:1.4.2_30 cpe:/a:sun:jdk:1.4.2_3 cpe:/a:sun:jdk:1.4.2_29 cpe:/a:sun:jdk:1.4.2_28 cpe:/a:sun:jdk:1.4.2_27 cpe:/a:sun:jdk:1.4.2_26 cpe:/a:sun:jdk:1.4.2_25 cpe:/a:sun:jdk:1.4.2_24 cpe:/a:sun:jdk:1.4.2_24::solaris cpe:/a:sun:jdk:1.4.2_23 cpe:/a:sun:jdk:1.4.2_22 cpe:/a:sun:jdk:1.4.2_21 cpe:/a:sun:jdk:1.4.2_20 cpe:/a:sun:jdk:1.4.2_2 cpe:/a:sun:jdk:1.4.2_19 cpe:/a:sun:jdk:1.4.2_18 cpe:/a:sun:jdk:1.4.2_17 cpe:/a:sun:jdk:1.4.2_16 cpe:/a:sun:jdk:1.4.2_15 cpe:/a:sun:jdk:1.4.2_14 cpe:/a:sun:jdk:1.4.2_13 cpe:/a:sun:jdk:1.4.2_12 cpe:/a:sun:jdk:1.4.2_11 cpe:/a:sun:jdk:1.4.2_10 cpe:/a:sun:jdk:1.4.2_1 cpe:/a:sun:jdk:1.4.2	97
Application	Sun Jre cpe:/a:sun:jre:1.7.0 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jre:1.6.0:update_26 cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jre:1.6.0:update_19 cpe:/a:sun:jre:1.6.0:update_20 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:jre:1.6.0:update_21 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jre:1.6.0:update_24 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.6.0:update_22 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.6.0:update_23 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.6.0:update_27 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_25 cpe:/a:sun:jre:1.6.0:update3 cpe:/a:sun:jre:1.6.0:update2 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jre:1.5.0:update25 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jre:1.5.0:update29 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.5.0:update22 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.5.0:update31 cpe:/a:sun:jre:1.5.0:update27 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update26 cpe:/a:sun:jre:1.5.0:update24 cpe:/a:sun:jre:1.5.0:update28 cpe:/a:sun:jre:1.4.2_9 cpe:/a:sun:jre:1.4.2_8 cpe:/a:sun:jre:1.4.2_7 cpe:/a:sun:jre:1.4.2_6 cpe:/a:sun:jre:1.4.2_5 cpe:/a:sun:jre:1.4.2_4 cpe:/a:sun:jre:1.4.2_33 cpe:/a:sun:jre:1.4.2_32 cpe:/a:sun:jre:1.4.2_31 cpe:/a:sun:jre:1.4.2_30 cpe:/a:sun:jre:1.4.2_3 cpe:/a:sun:jre:1.4.2_29 cpe:/a:sun:jre:1.4.2_28 cpe:/a:sun:jre:1.4.2_27 cpe:/a:sun:jre:1.4.2_26 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jre:1.4.2_2 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:jre:1.4.2	94
Os	Microsoft Windows cpe:/o:microsoft:windows	1

SAINT Exploits

Description	Link
Oracle Java Rhino Script Engine Code Execution	More info here

ExploitDB Exploits

id	Description
2011-11-30	Java Applet Rhino Script Engine Remote Code Execution

Open Source Vulnerability Database (OSVDB)

id	Description
76513	Oracle Java SE JRE Deployment Component Unspecified Remote Information Disclo...
76512	Oracle Java SE JRE JAXWS Component Unspecified Remote Information Disclosure
76511	Oracle Java SE JRE Networking Component Unspecified Remote Information Disclo...
76510	Oracle Java SE JRE HotSpot Component Unspecified Remote Information Disclosure
76509	Oracle Java SE JRE Deployment Component Unspecified Remote Issue (2011-3546)
76508	Oracle Java SE JRE Component Unspecified Remote Issue (2011-3555)
76507	Oracle Java SE JRE JSSE Component Unspecified Remote Issue
76506	Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3557)
76505	Oracle Java SE JRE RMI Component Unspecified Remote Issue (2011-3556)
76504	Oracle Java SE JRE Deployment Component Unspecified Remote Issue (2011-3516)
76503	Oracle Java SE JRE AWT Component Unspecified Remote Issue (2011-3550)
76502	Oracle Java SE JRE 2D Component Unspecified Remote Issue
76501	Oracle Java SE JRE Swing Component Unspecified Remote Issue
76500	Oracle Java SE JRE Rhino Javascript Error Parsing Input Sanitation Weakness R...
76499	Oracle Java SE JRE jsound.dll MixerSequencer.nAddControllerEventCallback Func...
76498	Oracle Java SE JRE Component Unspecified Remote Issue (2011-3554)
76497	Oracle Java SE JRE Networking Component java.net.Socket API UDP Socket Satura...
76496	Oracle Java SE JRE IIOP Deserialization Applet Handling Remote Code Execution
76495	Oracle Java SE JRE AWT Component Unspecified Remote Issue (2011-3548)
74829	SSL Chained Initialization Vector CBC Mode MiTM Weakness

Metasploit Database

id	Description
2011-10-18	Java Applet Rhino Script Engine Remote Code Execution

Global Informations

Type	Count
Oval ID(s)	20
CPE ID(s)	218
Saint Exploit(s)	1
osvdb(s)	20
ExploitDB Exploit(s)	1
Metasploit Exploit(s)	1

Related	Severity
CVE-2011-3554	(Critical)
CVE-2011-3549	(Critical)
CVE-2011-3548	(Critical)
CVE-2011-3545	(Critical)
CVE-2011-3544	(Critical)
CVE-2011-3521	(Critical)
CVE-2011-3551	(Critical)
CVE-2011-3550	(High)
CVE-2011-3516	(High)
CVE-2011-3556	(High)
CVE-2011-3557	(Medium)
CVE-2011-3560	(Medium)
CVE-2011-3555	(Medium)
CVE-2011-3546	(Medium)
CVE-2011-3558	(Medium)
CVE-2011-3547	(Medium)
CVE-2011-3389	(Medium)
CVE-2011-3553	(Low)
CVE-2011-3552	(Low)
CVE-2011-3561	(Low)