Executive Summary

Informations
Name CVE-2011-3387 First vendor Publication 2011-09-02
Vendor Cve Last vendor Modification 2017-08-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Cvss Base Score 4 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3387

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22149
 
Oval ID: oval:org.mitre.oval:def:22149
Title: RHSA-2011:1159: java-1.4.2-ibm security update (Critical)
Description: The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311.
Family: unix Class: patch
Reference(s): RHSA-2011:1159-01
CVE-2011-0311
CVE-2011-0802
CVE-2011-0814
CVE-2011-0862
CVE-2011-0865
CVE-2011-0867
CVE-2011-0871
CVE-2011-3387
 Version: 107
Platform(s): Red Hat Enterprise Linux 5
 Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23312
 
Oval ID: oval:org.mitre.oval:def:23312
Title: ELSA-2011:1159: java-1.4.2-ibm security update (Critical)
Description: The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311.
Family: unix Class: patch
Reference(s): ELSA-2011:1159-01
CVE-2011-0311
CVE-2011-0802
CVE-2011-0814
CVE-2011-0862
CVE-2011-0865
CVE-2011-0867
CVE-2011-0871
CVE-2011-3387
 Version: 37
Platform(s): Oracle Linux 5
 Product(s): java-1.4.2-ibm
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
75247 IBM Java Class File Parser Attribute Length Field Parsing Remote DoS

Nessus® Vulnerability Scanner

Date Description
2011-08-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1159.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
AIXAPAR https://www-304.ibm.com/support/docview.wss?uid=isg1PM42551
REDHAT http://www.redhat.com/support/errata/RHSA-2011-1265.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/69641

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2021-05-04 12:17:32
  • Multiple Updates
2021-04-22 01:20:51
  • Multiple Updates
2020-05-23 00:31:05
  • Multiple Updates
2017-08-29 09:23:31
  • Multiple Updates
2014-02-17 11:05:06
  • Multiple Updates
2013-05-10 23:07:16
  • Multiple Updates