This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles Rhino Javascript errors. The built-in javascript engine in Java fails to perform sufficient sanitation on javascript error objects. The effect is that untrusted code can run in privileged context. This can result in remote code execution under the context of the current user.

References

www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

seebug 3

threatpost 10

thn 2

canvas 1

checkpoint_advisories 1

prion 1

saint 4

packetstorm 1

metasploit 1

veracode 1

securityvulns 3

attackerkb 1

cve 1

ubuntucve 1

cisa_kev 1

exploitdb 1

symantec 1

fireeye 1

openvas 63

fedora 18

debian 2

nessus 31

osv 2

redhat 5

oraclelinux 1

centos 1

amazon 1

ubuntu 2

suse 2

ibm 1

securelist 1

gentoo 2

seebug

Java Applet Rhino Script Engine Remote Code Execution

2014-07-01 00:00:00

Oracle Java Applet Rhino脚本引擎远程代码执行漏洞

2011-12-01 00:00:00

IBM Rational AppScan 8.x/7.x 多个安全漏洞

2012-06-16 00:00:00

threatpost

New Trojan For Mac Used In Attacks On Tibetan NGOs

2012-03-21 18:31:56

Java Exploit Linked to Red October Espionage Malware Campaign

2013-01-15 17:40:04

Exploit Kits Now Updated With New Wares Before Patches Are Ready

2011-12-20 13:09:34

thn

Office based Trojan threat for Mac OS X by Chinese hackers

2012-03-29 17:25:00

Kaspersky finds Malware that resides in your RAM

2012-03-20 13:48:00

canvas

Immunity Canvas: JAVA_RHINO

2011-10-19 21:55:00

checkpoint_advisories

Oracle Java Applet Rhino Script Engine Policy Bypass (CVE-2011-3544)

2012-03-19 00:00:00

prion

Design/Logic Flaw

2011-10-19 21:55:00

saint

Oracle Java Rhino Script Engine Code Execution

2011-12-02 00:00:00

Oracle Java Rhino Script Engine Code Execution

2011-12-02 00:00:00

Oracle Java Rhino Script Engine Code Execution

2011-12-02 00:00:00

packetstorm

Java Applet Rhino Script Engine Remote Code Execution

2011-11-30 00:00:00

metasploit

Java Applet Rhino Script Engine Remote Code Execution

2011-11-30 00:05:20

veracode

Authorization Bypass

2019-05-02 04:55:59

securityvulns

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability

2011-10-31 00:00:00

APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6

2011-11-11 00:00:00

Oracle Java multiple security vulnerabilities

2011-11-11 00:00:00

attackerkb

CVE-2011-3544

2011-10-19 00:00:00

cve

CVE-2011-3544

2011-10-19 21:55:00

ubuntucve

CVE-2011-3544

2011-10-19 00:00:00

cisa_kev

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

2022-03-03 00:00:00

exploitdb

Java Applet Rhino Script Engine - Remote Code Execution (Metasploit)

2011-11-30 00:00:00

symantec

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability

2011-10-18 00:00:00

fireeye

Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents

2013-03-20 17:26:00

openvas

Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02)

2011-11-15 00:00:00

Oracle Java SE 6, 7 Multiple Vulnerabilities (cpuoct2011) - Windows

2011-11-15 00:00:00

Ubuntu: Security Advisory (USN-1263-2)

2012-01-25 00:00:00

fedora

[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.1-2.0.2.fc16

2011-11-10 17:36:54

[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16

2011-11-05 01:27:14

[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16

2012-09-19 03:03:35

debian

[SECURITY] [DSA 2356-1] openjdk-6 security update

2011-12-01 20:33:15

[SECURITY] [DSA 2358-1] openjdk-6 security update

2011-12-05 19:26:27

nessus

Fedora 16 : java-1.7.0-openjdk-1.7.0.1-2.0.2.fc16 (2011-15555)

2011-11-14 00:00:00

Debian DSA-2356-1 : openjdk-6 - several vulnerabilities (BEAST)

2011-12-02 00:00:00

Fedora 16 : java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 (2011-15020) (BEAST)

2011-11-07 00:00:00

osv

openjdk-6 - several

2011-12-01 00:00:00

openjdk-6 - several

2011-12-05 00:00:00

redhat

(RHSA-2011:1380) Critical: java-1.6.0-openjdk security update

2011-10-18 00:00:00

(RHSA-2012:0034) Critical: java-1.6.0-ibm security update

2012-01-18 00:00:00

(RHSA-2011:1384) Critical: java-1.6.0-sun security update

2011-10-19 00:00:00

oraclelinux

java-1.6.0-openjdk security update

2011-10-18 00:00:00

centos

java security update

2011-10-19 21:07:19

amazon

Critical: java-1.6.0-openjdk

2011-10-31 18:22:00

ubuntu

OpenJDK 6 regression

2012-01-24 00:00:00

IcedTea-Web, OpenJDK 6 vulnerabilities

2011-11-16 00:00:00

suse

Security update for IBM Java (important)

2012-01-23 17:08:23

Security update for IBM Java 1.6.0 (important)

2012-03-06 21:08:29

ibm

Potential Security Vulnerabilities With JavaTM SDKs

2018-06-17 14:01:55

securelist

Investigation Report for the September 2014 Equation malware detection incident in the US

2017-11-16 10:00:34

gentoo

Oracle JRE/JDK: Multiple vulnerabilities

2011-11-05 00:00:00

IcedTea JDK: Multiple vulnerabilities

2014-06-29 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

JSON

Related for ZDI-11-305