CVE-2011-3544
In short
A security flaw in Java allows untrusted programs downloaded from the internet (Web Start apps and applets) to bypass protection mechanisms and gain unauthorized access to your computer, potentially stealing data or causing damage.
Technical detail
An unspecified vulnerability in the Java Runtime Environment component of Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier, related to Scripting, allows remote, untrusted Java Web Start applications and applets to escape the sandbox and compromise the confidentiality, integrity, and availability of the affected system. The attack requires no user interaction beyond accepting the application execution.
Summary generated and translated by AI from the official description.
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/18171 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/48308
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3544
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html