Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2356-1
HistoryDec 01, 2011 - 12:00 a.m.

openjdk-6 - several

2011-12-0100:00:00
Google
osv.dev
13

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.7%

JSON

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java platform:

  • CVE-2011-3389
    The TLS implementation does not guard properly against certain
    chosen-plaintext attacks when block ciphers are used in CBC
    mode.
  • CVE-2011-3521
    The CORBA implementation contains a deserialization
    vulnerability in the IIOP implementation, allowing untrusted
    Java code (such as applets) to elevate its privileges.
  • CVE-2011-3544
    The Java scripting engine lacks necessary security manager
    checks, allowing untrusted Java code (such as applets) to
    elevate its privileges.
  • CVE-2011-3547
    The skip() method in java.io.InputStream uses a shared buffer,
    allowing untrusted Java code (such as applets) to access data
    that is skipped by other code.
  • CVE-2011-3548
    The java.awt.AWTKeyStroke class contains a flaw which allows
    untrusted Java code (such as applets) to elevate its
    privileges.
  • CVE-2011-3551
    The Java2D C code contains an integer overflow which results
    in a heap-based buffer overflow, potentially allowing
    untrusted Java code (such as applets) to elevate its
    privileges.
  • CVE-2011-3552
    Malicous Java code can use up an excessive amount of UDP
    ports, leading to a denial of service.
  • CVE-2011-3553
    JAX-WS enables stack traces for certain server responses by
    default, potentially leaking sensitive information.
  • CVE-2011-3554
    JAR files in pack200 format are not properly checked for
    errors, potentially leading to arbitrary code execution when
    unpacking crafted pack200 files.
  • CVE-2011-3556
    The RMI Registry server lacks access restrictions on certain
    methods, allowing a remote client to execute arbitary code.
  • CVE-2011-3557
    The RMI Registry server fails to properly restrict privileges
    of untrusted Java code, allowing RMI clients to elevate their
    privileges on the RMI Registry server.
  • CVE-2011-3560
    The com.sun.net.ssl.HttpsURLConnection class does not perform
    proper security manager checks in the setSSLSocketFactory()
    method, allowing untrusted Java code to bypass security policy
    restrictions.

For the stable distribution (squeeze), this problem has been fixed in
version 6b18-1.8.10-0+squeeze2.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 6b23~pre11-1.

We recommend that you upgrade your openjdk-6 packages.

Related

debian 2
openvas 62
nessus 32
fedora 18
amazon 1
centos 1
redhat 6
oraclelinux 1
ubuntu 2
securityvulns 4
threatpost 7
suse 5
osv 1
ibm 1
prion 10
cve 9
ubuntucve 10
seebug 3
veracode 10
cert 1
thn 2
canvas 1
checkpoint_advisories 1
saint 4
zdi 2
packetstorm 1
metasploit 1
attackerkb 1
debian
debian
[SECURITY] [DSA 2356-1] openjdk-6 security update
2011-12-01 20:33:15
[SECURITY] [DSA 2358-1] openjdk-6 security update
2011-12-05 19:26:27
openvas
openvas
Debian Security Advisory DSA 2356-1 (openjdk-6)
2012-02-11 00:00:00
Debian Security Advisory DSA 2356-1 (openjdk-6)
2012-02-11 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2011:1380-01
2011-10-21 00:00:00
nessus
nessus
Debian DSA-2356-1 : openjdk-6 - several vulnerabilities (BEAST)
2011-12-02 00:00:00
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2011-10) (BEAST)
2013-09-04 00:00:00
Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2011-1380) (BEAST)
2013-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16
2011-11-05 01:27:14
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.1-2.0.2.fc16
2011-11-10 17:36:54
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.5.fc16
2012-10-18 00:30:15
amazon
amazon
Critical: java-1.6.0-openjdk
2011-10-31 18:22:00
centos
centos
java security update
2011-10-19 21:07:19
redhat
redhat
(RHSA-2011:1380) Critical: java-1.6.0-openjdk security update
2011-10-18 00:00:00
(RHSA-2012:0006) Critical: java-1.4.2-ibm security update
2012-01-09 00:00:00
(RHSA-2012:0343) Moderate: java-1.4.2-ibm-sap security update
2012-02-29 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2011-10-18 00:00:00
ubuntu
ubuntu
IcedTea-Web, OpenJDK 6 vulnerabilities
2011-11-16 00:00:00
OpenJDK 6 regression
2012-01-24 00:00:00
securityvulns
securityvulns
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
2011-11-11 00:00:00
Oracle Java multiple security vulnerabilities
2011-11-11 00:00:00
ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability
2011-10-31 00:00:00
threatpost
threatpost
Apple Releases New Java Updates, Fix 17 Flaws
2011-11-09 17:09:04
New Trojan For Mac Used In Attacks On Tibetan NGOs
2012-03-21 18:31:56
Java Exploit Linked to Red October Espionage Malware Campaign
2013-01-15 17:40:04
suse
suse
Security update for IBM Java 1.4.2 (important)
2012-01-26 04:08:11
Security update for IBM Java 1.4.2 (important)
2012-02-23 22:08:13
Security update for IBM Java 1.6.0 (important)
2012-03-06 21:08:29
osv
osv
openjdk-6 - several
2011-12-05 00:00:00
ibm
ibm
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:01:55
prion
prion
Design/Logic Flaw
2011-10-19 21:55:00
Design/Logic Flaw
2011-10-19 21:55:00
Design/Logic Flaw
2011-10-19 21:55:00
cve
cve
CVE-2011-3556
2011-10-19 21:55:00
CVE-2011-3557
2011-10-19 21:55:00
CVE-2011-3548
2011-10-19 21:55:00
ubuntucve
ubuntucve
CVE-2011-3556
2011-10-19 00:00:00
CVE-2011-3557
2011-10-19 00:00:00
CVE-2011-3554
2011-10-19 00:00:00
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
Java Applet Rhino Script Engine Remote Code Execution
2014-07-01 00:00:00
Oracle Java Applet Rhino脚本引擎远程代码执行漏洞
2011-12-01 00:00:00
veracode
veracode
Authorization Bypass
2019-05-02 04:56:00
Information Disclosure
2019-05-02 04:56:00
Authorization Bypass
2019-05-02 04:56:00
cert
cert
IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service
2020-02-12 00:00:00
thn
thn
Kaspersky finds Malware that resides in your RAM
2012-03-20 13:48:00
Office based Trojan threat for Mac OS X by Chinese hackers
2012-03-29 17:25:00
canvas
canvas
Immunity Canvas: JAVA_RHINO
2011-10-19 21:55:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Applet Rhino Script Engine Policy Bypass (CVE-2011-3544)
2012-03-19 00:00:00
saint
saint
Oracle Java Rhino Script Engine Code Execution
2011-12-02 00:00:00
Oracle Java Rhino Script Engine Code Execution
2011-12-02 00:00:00
Oracle Java Rhino Script Engine Code Execution
2011-12-02 00:00:00
zdi
zdi
Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability
2011-10-26 00:00:00
Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability
2011-10-26 00:00:00
packetstorm
packetstorm
Java Applet Rhino Script Engine Remote Code Execution
2011-11-30 00:00:00
metasploit
metasploit
Java Applet Rhino Script Engine Remote Code Execution
2011-11-30 00:05:20
attackerkb
attackerkb
CVE-2011-3544
2011-10-19 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.7%

JSON
Related for OSV:DSA-2356-1
debian2openvas62nessus32fedora18amazon1centos1redhat6oraclelinux1ubuntu2securityvulns4threatpost7suse5osv1ibm1prion10cve9ubuntucve10seebug3veracode10cert1thn2canvas1checkpoint_advisories1saint4zdi2packetstorm1metasploit1attackerkb1