CVE-2011-3389

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are JDK and JRE 7, 6 Update 27 and before, 5.0 Update 31 and before and 1.4.2_33 and before.
JRockit R28.1.4 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data.

Note: This is a vulnerability in the SSLv3/TLS 1.0 protocol. Exploitation of this vulnerability requires a man-in-the-middle and the attacker needs to be able to inject chosen plaintext.

CVSS Base Score 4.3 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N). (legend) [Advisory]

CVE-2011-3516

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are JDK and JRE 6 Update 27 and before on Windows. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2011-3521

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deserialization). Supported versions that are affected are JDK and JRE 7, 6 Update 27 and before and 5.0 Update 31 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2011-3544

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are JDK and JRE 7 and 6 Update 27 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2011-3545

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are JDK and JRE 6 Update 27 and before, 5.0 Update 31 and before and 1.4.2_33 and before.
JRockit R28.1.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client and server deployments of Java. This vulnerability can be exploited through Untrusted Java Web Start applications and Untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2011-3546

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are JDK and JRE 7 and 6 Update 27 and before.
JavaFX 2.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 5.8 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory]

CVE-2011-3547

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are JDK and JRE 7, 6 Update 27 and before, 5.0 Update 31 and before and 1.4.2_33 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]

CVE-2011-3548

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are JDK and JRE 7, 6 Update 27 and before, 5.0 Update 31 and before and 1.4.2_33 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2011-3549

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Swing). Supported versions that are affected are JDK and JRE 6 Update 27 and before, 5.0 Update 31 and before and 1.4.2_33 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2011-3550

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are JDK and JRE 7 and 6 Update 27 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2011-3551

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are JDK and JRE 7 and 6 Update 27 and before.
JRockit R28.1.4 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client and server deployments of Java. This vulnerability can be exploited through Untrusted Java Web Start applications and Untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.

CVSS Base Score 9.3 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2011-3552

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Networking ). Supported versions that are affected are JDK and JRE 7, 6 Update 27 and before, 5.0 Update 31 and before and 1.4.2_33 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 2.6 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N). (legend) [Advisory]

CVE-2011-3553

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JAXWS). Supported versions that are affected are JDK and JRE 7 and 6 Update 27 and before.
JRockit R28.1.4 and before. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data.

Note: Applies to server deployments of Java. This vulnerability can only be exploited by supplying data to APIs in the specified Component, such as through a web service. It cannot be exploited through Untrusted Java Web Start applications or Untrusted Java applets.

CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory]

CVE-2011-3554

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Java Runtime Environment). Supported versions that are affected are JDK and JRE 7, 6 Update 27 and before and 5.0 Update 31 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory]

CVE-2011-3555

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Java Runtime Environment). Supported versions that are affected are JDK and JRE 7. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Java Runtime Environment accessible data.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 6.1 (Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:C). (legend) [Advisory]

CVE-2011-3556

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are JDK and JRE 7, 6 Update 27 and before, 5.0 Update 31 and before and 1.4.2_33 and before.
JRockit R28.1.4 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data and ability to cause a partial denial of service (partial DOS) of Java Runtime Environment.

Note: Applies to RMI server deployments of Java.

CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory]

CVE-2011-3557

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are JDK and JRE 7, 6 Update 27 and before, 5.0 Update 31 and before and 1.4.2_33 and before.
JRockit R28.1.4 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data and ability to cause a partial denial of service (partial DOS) of Java Runtime Environment.

Note: Applies to RMI server deployments of Java.

CVSS Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P). (legend) [Advisory]

CVE-2011-3558

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: HotSpot). Supported versions that are affected are JDK and JRE 7 and 6 Update 27 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory]

CVE-2011-3560

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are JDK and JRE 7, 6 Update 27 and before, 5.0 Update 31 and before and 1.4.2_33 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via SSL/TLS. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory]

CVE-2011-3561

Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are JDK and JRE 7 and 6 Update 27 and before.
JavaFX 2.0. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols, but can only be launched from an adjacent network. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data.

Note: Applies to client deployments of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.).

CVSS Base Score 1.8 (Confidentiality impacts). CVSS V2 Vector: (AV:A/AC:H/Au:N/C:P/I:N/A:N). (legend) [Advisory]