PT-2011-4499 · Oracle (+3) · Java SE JDK (+5)

Published: 2011-10-18 · Updated: 2018-01-06 · CVE-2011-3521

CVSS v2.0: 10 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Oracle Java SE JDK and JRE versions 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier

Description: The issue allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. This can lead to a remote code execution vulnerability.

Recommendations: For Oracle Java SE JDK and JRE versions 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier, consider disabling the Deserialization functionality as a temporary workaround until a patch is available. Restrict access to untrusted Java Web Start applications and untrusted Java applets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2011-3521
DSA-2356-1
DSA-2358-1
HPSBUX02730
HPSBUX02760
RHSA-2011:1380
RHSA-2011:1384
RHSA-2011_1380
RHSA-2011_1384
RHSA-2012:0034
RHSA-2012_0034
RHSA-2013:1455
ZDI-11-306

Affected Products

HP-UX
Java Platform
Java SE JDK
Java SE JRE
Red Hat
SUSE