PT-2011-1249 · Oracle+3 · Java SE JDK+5
Published: 2011-10-18 · Updated: 2025-03-13 · CVE-2011-3544
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Java SE JDK and JRE versions 6 Update 27 and earlier
Oracle Java SE JDK and JRE versions 7 and earlier
Description
The issue affects the Java Runtime Environment component, allowing remote untrusted Java Web Start applications and untrusted Java applets to impact confidentiality, integrity, and availability. This is related to insufficient protection of internal data in the Scripting component. The vulnerability can be exploited by a remote attacker to affect the integrity, availability, and confidentiality of protected information.
Recommendations
For Oracle Java SE JDK and JRE versions 6 Update 27 and earlier, update to a version later than Update 27 to resolve the issue.
For Oracle Java SE JDK and JRE versions 7 and earlier, update to a version later than 7 to resolve the issue.
As a temporary workaround, consider disabling the use of untrusted Java Web Start applications and untrusted Java applets until a patch is available.
Restrict access to the Scripting component to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Improper Access Control
Affected products
HP-UX
Java Platform
Java SE JDK
Java SE JRE
Red Hat
SUSE