VAR-201110-0352
Vulnerability from variot - Updated: 2025-12-21 22:39Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Java handles IIOP deserialization. Due to insufficient type checking it is possible to trick java into allowing access to otherwise protected and private fields in built-in objects. This could be used, for example, to disable to security manager normally in place for applets. This leads to remote code execution under the context of the current user. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deserialization' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46694
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
RELEASE DATE: 2011-11-08
DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46694/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46694
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java.
For more information: SA46512
Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.
CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.
CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)
CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine.
CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.
CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.
CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode.
CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.
For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1.
We recommend that you upgrade your openjdk-6 packages.
-- Vendor Response:
Oracle has issued an update to correct this vulnerability. More details can be found at:
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
-- Disclosure Timeline: 2011-05-12 - Vulnerability reported to vendor 2011-10-26 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by:
- Sami Koivu
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
. ========================================================================== Ubuntu Security Notice USN-1263-1 November 16, 2011
icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.
Software Description: - icedtea-web: A web browser plugin to execute Java applets - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation
Details:
Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377)
Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389)
It was discovered that a type confusion flaw existed in the in the Internet Inter-Orb Protocol (IIOP) deserialization code. (CVE-2011-3521)
It was discovered that the Java scripting engine did not perform SecurityManager checks. (CVE-2011-3544)
It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547)
It was discovered that a vulnerability existed in the AWTKeyStroke class. (CVE-2011-3548)
It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. (CVE-2011-3551)
It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552)
It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. A remote attacker could potentially use this to gain access to sensitive information. (CVE-2011-3553)
It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554)
It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. (CVE-2011-3556, CVE-2011-3557)
It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558)
It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10 icedtea-netx 1.1.3-1ubuntu1.1 icedtea-plugin 1.1.3-1ubuntu1.1 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10
Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-netx 1.1.1-0ubuntu1~11.04.2 icedtea-plugin 1.1.1-0ubuntu1~11.04.2 openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1
Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2 icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2
After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 =====================================================================
- Summary:
Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
-
Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. All running instances of Sun Java must be restarted for the update to take effect.
-
Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
- Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm
x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b
For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- .
Release Date: 2012-01-23 Last Updated: 2012-01-23
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 23 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201110-0352",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jdk",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.7.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.7.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "jdk",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"model": "jre",
"scope": "lte",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.6.0"
},
{
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 32",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 28",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 32",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.7"
},
{
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jre 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 28",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0 28",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 1.5.0 27",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7"
},
{
"model": "jdk 1.5.0 26",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"model": "jre 1.5.0 29",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 31",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 30",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0 24",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"model": "java runtime",
"scope": null,
"trust": 0.7,
"vendor": "oracle",
"version": null
},
{
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "cosminexus server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "java se sr8 fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.8"
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "trio tview software",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.27.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server h06.16.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.19.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"model": "nonstop server j06.08.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"model": "nonstop server h06.15.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "trio tview software",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.29.0"
},
{
"model": "nonstop server j06.06.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "nonstop server j06.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "ucosminexus application server express",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-70"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "nonstop server j06.09.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.26",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.04.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "nonstop server j06.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "nonstop server j06.09.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "nonstop server h06.18.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server j06.12.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ir",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "nonstop server j06.05.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.08.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cosminexus server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server j06.09.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "nonstop server j06.16",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "ucosminexus client for plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "java se sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "nonstop server j6.0.14.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "freeflow print server 73.c0.41",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "010"
},
{
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus service platform messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "nonstop server j06.07.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "nonstop server j06.09.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "nonstop server j06.10.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "nonstop server j06.06.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "nonstop server h06.24.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.0"
},
{
"model": "nonstop server h06.25",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "ucosminexus application server light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server h06.15.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "freeflow print server 73.b3.61",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "linux enterprise software development kit sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "virtualcenter update 6b",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"model": "openjdk",
"scope": "eq",
"trust": 0.3,
"vendor": "openjdk",
"version": "6"
},
{
"model": "security appscan standard",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "java se sr9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "nonstop server j06.07.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "jre beta",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux enterprise server for vmware sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "openjdk",
"scope": "eq",
"trust": 0.3,
"vendor": "openjdk",
"version": "1.6"
},
{
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "nonstop server j06.08.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "rational appscan standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "nonstop server j06.08.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "nonstop server h06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.24",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "java se sr10",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"model": "nonstop server h06.16.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ucosminexus developer professional for plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server h06.18.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.20.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "nonstop server j06.13.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "nonstop server h06.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "nonstop server h06.19.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "java se sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "nonstop server h06.22.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "cosminexus studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"model": "nonstop server h06.19.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.1"
},
{
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"model": "nonstop server j06.11.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "java se sr9-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"model": "nonstop server j06.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "update manager update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.01"
},
{
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server h06.21.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "virtualcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "nonstop server h06.20.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "nonstop server j06.05.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "nonstop server j06.07.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cms server aux",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"model": "nonstop server h06.21.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "nonstop server h06.19.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "linux enterprise java sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "hirdb for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "ucosminexus application server smart edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "nonstop server j06.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "nonstop server h06.26.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "linux enterprise server sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "rational policy tester",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "nonstop server j06.04.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "java se sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "nonstop server j06.04.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "nonstop server j06.06.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "nonstop server h06.21.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.06.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.17.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server h06.20.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"model": "nonstop server j06.10.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "nonstop server h06.17.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "ucosminexus application server standard-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "nonstop server h06.16.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "rational appscan enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "nonstop server j06.05.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "linux enterprise java sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "java se sr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"model": "nonstop server h06.20.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cosminexus developer no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "nonstop server j06.09.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "nonstop server h06.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.08.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "nonstop server j06.10.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "nonstop server h06.25.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.18.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "cosminexus application server no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "nonstop server h06.27",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server h06.17.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "nonstop server j06.14.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-306"
},
{
"db": "BID",
"id": "50215"
},
{
"db": "NVD",
"id": "CVE-2011-3521"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sami Koivu",
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-306"
}
],
"trust": 0.7
},
"cve": "CVE-2011-3521",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3521",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3521",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3521",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2011-3521",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2011-3521",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-306"
},
{
"db": "VULMON",
"id": "CVE-2011-3521"
},
{
"db": "NVD",
"id": "CVE-2011-3521"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Java handles IIOP deserialization. Due to insufficient type checking it is possible to trick java into allowing access to otherwise protected and private fields in built-in objects. This could be used, for example, to disable to security manager normally in place for applets. This leads to remote code execution under the context of the current user. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Deserialization\u0027 sub-component. \nThis vulnerability affects the following supported versions:\nJDK and JRE 7, 6 Update 27, 5.0 Update 31. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Cosminexus Products Java Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46694\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46694/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nRELEASE DATE:\n2011-11-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46694/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46694/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged multiple vulnerabilities in Hitachi\nCosminexus products, which can be exploited by malicious users to\ndisclose certain information and by malicious people to disclose\npotentially sensitive information, hijack a user\u0027s session, conduct\nDNS cache poisoning attacks, manipulate certain data, cause a DoS\n(Denial of Service), and compromise a vulnerable system. \n\nThe vulnerabilities are caused due to vulnerabilities in the bundled\nversion of Cosminexus Developer\u0027s Kit for Java. \n\nFor more information:\nSA46512\n\nPlease see the vendor\u0027s advisory for a list of affected products. Please see the vendor\u0027s advisory for\ndetails. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. This combines the two previous\nopenjdk-6 advisories, DSA-2311-1 and DSA-2356-1. \n\nCVE-2011-0862\n\tInteger overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges. \n\nCVE-2011-0864\n\tHotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine. \n\nCVE-2011-0865\n\tA race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact. \n\nCVE-2011-0867\n\tUntrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public. \n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)\n\nCVE-2011-0868\n\tA float-to-long conversion could overflow, , allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine. \n\nCVE-2011-0869\n\tUntrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection. \n\nCVE-2011-0871\n\tUntrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code. \n\nCVE-2011-3389\n\tThe TLS implementation does not guard properly against certain\n\tchosen-plaintext attacks when block ciphers are used in CBC\n\tmode. \n\nCVE-2011-3547\n\tThe skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code. \n\nCVE-2011-3551\n\tThe Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges. \n\nCVE-2011-3553\n\tJAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information. \n\nCVE-2011-3560\n\tThe com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.10-0~lenny1. \n\nWe recommend that you upgrade your openjdk-6 packages. \n\n-- Vendor Response:\n\nOracle has issued an update to correct this vulnerability. More details\ncan be found at:\n\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n\n\n-- Disclosure Timeline:\n2011-05-12 - Vulnerability reported to vendor\n2011-10-26 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n\n* Sami Koivu\n\n\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n\n. ==========================================================================\nUbuntu Security Notice USN-1263-1\nNovember 16, 2011\n\nicedtea-web, openjdk-6, openjdk-6b18 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed. \n\nSoftware Description:\n- icedtea-web: A web browser plugin to execute Java applets\n- openjdk-6: Open Source Java implementation\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nDeepak Bhole discovered a flaw in the Same Origin Policy (SOP)\nimplementation in the IcedTea web browser plugin. This could allow a\nremote attacker to open connections to certain hosts that should\nnot be permitted. (CVE-2011-3377)\n\nJuliano Rizzo and Thai Duong discovered that the block-wise AES\nencryption algorithm block-wise as used in TLS/SSL was vulnerable to\na chosen-plaintext attack. This could allow a remote attacker to view\nconfidential data. (CVE-2011-3389)\n\nIt was discovered that a type confusion flaw existed in the in\nthe Internet Inter-Orb Protocol (IIOP) deserialization code. (CVE-2011-3521)\n\nIt was discovered that the Java scripting engine did not perform\nSecurityManager checks. (CVE-2011-3544)\n\nIt was discovered that the InputStream class used a global buffer to\nstore input bytes skipped. An attacker could possibly use this to gain\naccess to sensitive information. (CVE-2011-3547)\n\nIt was discovered that a vulnerability existed in the AWTKeyStroke\nclass. (CVE-2011-3548)\n\nIt was discovered that an integer overflow vulnerability existed\nin the TransformHelper class in the Java2D implementation. (CVE-2011-3551)\n\nIt was discovered that the default number of available UDP sockets for\napplications running under SecurityManager restrictions was set too\nhigh. A remote attacker could use this with a malicious application or\napplet exhaust the number of available UDP sockets to cause a denial\nof service for other applets or applications running within the same\nJVM. (CVE-2011-3552)\n\nIt was discovered that Java API for XML Web Services (JAX-WS) could\nincorrectly expose a stack trace. A remote attacker could potentially\nuse this to gain access to sensitive information. (CVE-2011-3553)\n\nIt was discovered that the unpacker for pack200 JAR files did not\nsufficiently check for errors. An attacker could cause a denial of\nservice or possibly execute arbitrary code through a specially crafted\npack200 JAR file. (CVE-2011-3554)\n\nIt was discovered that the RMI registration implementation did not\nproperly restrict privileges of remotely executed code. \n(CVE-2011-3556, CVE-2011-3557)\n\nIt was discovered that the HotSpot VM could be made to crash, allowing\nan attacker to cause a denial of service or possibly leak sensitive\ninformation. (CVE-2011-3558)\n\nIt was discovered that the HttpsURLConnection class did not\nproperly perform SecurityManager checks in certain situations. This\ncould allow a remote attacker to bypass restrictions on HTTPS\nconnections. (CVE-2011-3560)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10\n icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10\n icedtea-netx 1.1.3-1ubuntu1.1\n icedtea-plugin 1.1.3-1ubuntu1.1\n openjdk-6-jre 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10\n openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1\n icedtea-netx 1.1.1-0ubuntu1~11.04.2\n icedtea-plugin 1.1.1-0ubuntu1~11.04.2\n openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1\n openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2\n icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2\n openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-sun security update\nAdvisory ID: RHSA-2011:1384-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html\nIssue date: 2011-10-19\nCVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 \n CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 \n CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 \n CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 \n CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 \n CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 \n CVE-2011-3560 CVE-2011-3561 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-sun packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise\nLinux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Desktop version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux AS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux ES version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux WS version 4 Extras - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section. \nAll running instances of Sun Java must be restarted for the update to take\neffect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)\n745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)\n745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)\n745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)\n745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)\n745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)\n745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)\n745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)\n745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)\n745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)\n745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)\n745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)\n745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)\n747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)\n747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)\n747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)\n747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)\n747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux AS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Desktop version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux ES version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux WS version 4 Extras:\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm\n\nx86_64:\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm\njava-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm\njava-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3389.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3516.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3521.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3545.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3546.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3547.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3548.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3549.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3550.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3551.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3552.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3553.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3554.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3555.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3556.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3557.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3558.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3560.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3561.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3\n0MJzQCB587rTzSRSo+gGytc=\n=809z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac\nOS X 10.6 Update 6\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nare now available and address the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nMac OS X v10.7.2, Mac OS X Server v10.7.2\nImpact: Multiple vulnerabilities in Java 1.6.0_26\nDescription: Multiple vulnerabilities exist in Java 1.6.0_26, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. \nThese issues are addressed by updating to Java version 1.6.0_29. \nFurther information is available via the Java website at\nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html\nCVE-ID\nCVE-2011-3389\nCVE-2011-3521\nCVE-2011-3544\nCVE-2011-3545\nCVE-2011-3546\nCVE-2011-3547\nCVE-2011-3548\nCVE-2011-3549\nCVE-2011-3551\nCVE-2011-3552\nCVE-2011-3553\nCVE-2011-3554\nCVE-2011-3556\nCVE-2011-3557\nCVE-2011-3558\nCVE-2011-3560\nCVE-2011-3561\n\nJava for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b\n\nFor Mac OS X v10.7 systems\nThe download file is named: JavaForMacOSX10.7.dmg\nIts SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP\n2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW\nt5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4\nmN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL\nwgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS\nD089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8=\n=4KBF\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-01-23\nLast Updated: 2012-01-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.13 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.13.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 23 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3521"
},
{
"db": "ZDI",
"id": "ZDI-11-306"
},
{
"db": "BID",
"id": "50215"
},
{
"db": "VULMON",
"id": "CVE-2011-3521"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106747"
},
{
"db": "PACKETSTORM",
"id": "127267"
},
{
"db": "PACKETSTORM",
"id": "107532"
},
{
"db": "PACKETSTORM",
"id": "106268"
},
{
"db": "PACKETSTORM",
"id": "107051"
},
{
"db": "PACKETSTORM",
"id": "105998"
},
{
"db": "PACKETSTORM",
"id": "106792"
},
{
"db": "PACKETSTORM",
"id": "109072"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3521",
"trust": 2.9
},
{
"db": "BID",
"id": "50215",
"trust": 1.4
},
{
"db": "ZDI",
"id": "ZDI-11-306",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48308",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48692",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1026215",
"trust": 1.0
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1253",
"trust": 0.7
},
{
"db": "HITACHI",
"id": "HS11-024",
"trust": 0.4
},
{
"db": "ICS CERT",
"id": "ICSA-17-213-02",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "46694",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2011-3521",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106640",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107532",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106268",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107051",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105998",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109072",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-306"
},
{
"db": "VULMON",
"id": "CVE-2011-3521"
},
{
"db": "BID",
"id": "50215"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106747"
},
{
"db": "PACKETSTORM",
"id": "127267"
},
{
"db": "PACKETSTORM",
"id": "107532"
},
{
"db": "PACKETSTORM",
"id": "106268"
},
{
"db": "PACKETSTORM",
"id": "107051"
},
{
"db": "PACKETSTORM",
"id": "105998"
},
{
"db": "PACKETSTORM",
"id": "106792"
},
{
"db": "PACKETSTORM",
"id": "109072"
},
{
"db": "NVD",
"id": "CVE-2011-3521"
}
]
},
"id": "VAR-201110-0352",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-12-21T22:39:27.780000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"title": "Red Hat: Critical: java-1.6.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120034 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-2"
},
{
"title": "Ubuntu Security Notice: icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1263-1"
},
{
"title": "Debian Security Advisories: DSA-2356-1 openjdk-6 -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a48d7ee302b835c97c950b74a371fcfe"
},
{
"title": "Amazon Linux AMI: ALAS-2011-010",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-010"
},
{
"title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory"
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-306"
},
{
"db": "VULMON",
"id": "CVE-2011-3521"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3521"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"trust": 1.4,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-1263-1"
},
{
"trust": 1.2,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/50215"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-1384.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1026215"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48692"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70850"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a13662"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48308"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3521"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3553"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3554"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3544"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3551"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547"
},
{
"trust": 0.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-024/index.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3558"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-213-02"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100151219"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100150852"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100154049"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1\u0026ac.admitted=1378134276525.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03266681\u0026ac.admitted=1333452464452.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609004"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21609022"
},
{
"trust": 0.3,
"url": "http://lists.vmware.com/pipermail/security-announce/2012/000162.html"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2012-0005.html"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/1284333-14afb-4baadb5bccb00/cert_xrx12-002_v1.1.pdf"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-11-306/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3546"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3561"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471"
},
{
"trust": 0.2,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558"
},
{
"trust": 0.2,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3550"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3516"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2012:0034"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1263-2/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201111-02.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46694/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46694"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46694/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0868"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0869"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-11-306"
},
{
"trust": 0.1,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.10.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.1-0ubuntu1~11.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~11.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.4-0ubuntu1~11.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.10-0ubuntu1~10.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3377"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.10-0ubuntu1~10.10.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/icedtea-web/1.1.3-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3560.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3547.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3548.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3557.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3555"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3554.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3553.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3556.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3549.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3551.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3546.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1384.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3516.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3545.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3389.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3561.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3550.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3544.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3521.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3558.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3552.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3555.html"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://java.sun.com/javase/6/webnotes/releasenotes.html"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/java"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-306"
},
{
"db": "VULMON",
"id": "CVE-2011-3521"
},
{
"db": "BID",
"id": "50215"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106747"
},
{
"db": "PACKETSTORM",
"id": "127267"
},
{
"db": "PACKETSTORM",
"id": "107532"
},
{
"db": "PACKETSTORM",
"id": "106268"
},
{
"db": "PACKETSTORM",
"id": "107051"
},
{
"db": "PACKETSTORM",
"id": "105998"
},
{
"db": "PACKETSTORM",
"id": "106792"
},
{
"db": "PACKETSTORM",
"id": "109072"
},
{
"db": "NVD",
"id": "CVE-2011-3521"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-11-306"
},
{
"db": "VULMON",
"id": "CVE-2011-3521"
},
{
"db": "BID",
"id": "50215"
},
{
"db": "PACKETSTORM",
"id": "106640"
},
{
"db": "PACKETSTORM",
"id": "106747"
},
{
"db": "PACKETSTORM",
"id": "127267"
},
{
"db": "PACKETSTORM",
"id": "107532"
},
{
"db": "PACKETSTORM",
"id": "106268"
},
{
"db": "PACKETSTORM",
"id": "107051"
},
{
"db": "PACKETSTORM",
"id": "105998"
},
{
"db": "PACKETSTORM",
"id": "106792"
},
{
"db": "PACKETSTORM",
"id": "109072"
},
{
"db": "NVD",
"id": "CVE-2011-3521"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-26T00:00:00",
"db": "ZDI",
"id": "ZDI-11-306"
},
{
"date": "2011-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3521"
},
{
"date": "2011-10-18T00:00:00",
"db": "BID",
"id": "50215"
},
{
"date": "2011-11-06T01:01:42",
"db": "PACKETSTORM",
"id": "106640"
},
{
"date": "2011-11-08T04:55:18",
"db": "PACKETSTORM",
"id": "106747"
},
{
"date": "2014-06-30T23:39:28",
"db": "PACKETSTORM",
"id": "127267"
},
{
"date": "2011-12-05T14:44:00",
"db": "PACKETSTORM",
"id": "107532"
},
{
"date": "2011-10-26T23:15:45",
"db": "PACKETSTORM",
"id": "106268"
},
{
"date": "2011-11-17T02:34:27",
"db": "PACKETSTORM",
"id": "107051"
},
{
"date": "2011-10-19T22:54:10",
"db": "PACKETSTORM",
"id": "105998"
},
{
"date": "2011-11-09T18:31:22",
"db": "PACKETSTORM",
"id": "106792"
},
{
"date": "2012-01-25T16:35:02",
"db": "PACKETSTORM",
"id": "109072"
},
{
"date": "2011-10-19T21:55:01.050000",
"db": "NVD",
"id": "CVE-2011-3521"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-26T00:00:00",
"db": "ZDI",
"id": "ZDI-11-306"
},
{
"date": "2018-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3521"
},
{
"date": "2017-08-02T18:09:00",
"db": "BID",
"id": "50215"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3521"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "50215"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-306"
}
],
"trust": 0.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "50215"
}
],
"trust": 0.3
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.