CVE-2011-3556

Published: 19/10/2011 Updated: 06/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and previous versions, 5.0 Update 31 and previous versions, 1.4.2_33 and previous versions, and JRockit R28.1.4 and previous versions allows remote malicious users to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.

Vulnerable Product

sun jre 1.7.0

sun jdk 1.7.0

oracle jrockit

oracle jrockit r28.0.1

oracle jrockit r28.0.0

oracle jrockit r28.1.3

oracle jrockit r28.1.1

oracle jrockit r28.1.0

oracle jrockit r28.0.2

sun jre 1.6.0

sun jdk 1.6.0

sun jdk

sun jre

sun jre 1.5.0

sun jdk 1.5.0

sun jre 1.4.2_32

sun jre 1.4.2_31

sun jre 1.4.2_30

sun jre 1.4.2_23

sun jre 1.4.2_22

sun jre 1.4.2_15

sun jre 1.4.2_14

sun jre 1.4.2_6

sun jre 1.4.2_5

sun jdk 1.4.2_32

sun jdk 1.4.2_31

sun jdk 1.4.2_24

sun jdk 1.4.2_23

sun jdk 1.4.2_15

sun jdk 1.4.2_14

sun jdk 1.4.2_7

sun jdk 1.4.2_6

sun jre 1.4.2_29

sun jre 1.4.2_28

sun jre 1.4.2_21

sun jre 1.4.2_20

sun jre 1.4.2_13

sun jre 1.4.2_12

sun jre 1.4.2_4

sun jre 1.4.2_3

sun jdk 1.4.2_30

sun jdk 1.4.2_29

sun jdk 1.4.2_22

sun jdk 1.4.2_21

sun jdk 1.4.2_13

sun jdk 1.4.2_12

sun jdk 1.4.2_5

sun jdk 1.4.2_4

sun jre 1.4.2_27

sun jre 1.4.2_26

sun jre 1.4.2_19

sun jre 1.4.2_18

sun jre 1.4.2_11

sun jre 1.4.2_10

sun jre 1.4.2_2

sun jre 1.4.2_1

sun jdk 1.4.2_28

sun jdk 1.4.2_27

sun jdk 1.4.2_20

sun jdk 1.4.2_19

sun jdk 1.4.2_18

sun jdk 1.4.2_11

sun jdk 1.4.2_10

sun jdk 1.4.2_3

sun jdk 1.4.2_2

sun jre 1.4.2_25

sun jre 1.4.2_24

sun jre 1.4.2_17

sun jre 1.4.2_16

sun jre 1.4.2_9

sun jre 1.4.2_8

sun jre 1.4.2_7

sun jre 1.4.2

sun jdk 1.4.2_26

sun jdk 1.4.2_25

sun jdk 1.4.2_17

sun jdk 1.4.2_16

sun jdk 1.4.2_9

sun jdk 1.4.2_8

sun jdk 1.4.2_1

sun jdk 1.4.2

Vendor Advisories

Debian Bug report logs - #645881: critical update 29 available. Package: sun-java6; Maintainer for sun-java6 is (unknown); Reported by: Thijs Kinkhorst <thijs@debian.org>; Date: Wed, 19 Oct 2011 10:42:46 UTC; Severity: grave; Tags: security; Merged with 649594; Fixed in version 626-3+rm; Done: Debian FTP Masters <ftpmaster@f ...
Synopsis: Critical: java-1.4.2-ibm security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated t ...
Synopsis: Critical: java-1.5.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has ...
Synopsis: Moderate: java-1.4.2-ibm-sap security update. Type/Severity: Security Advisory: Moderate. Topic: Updated java-1.4.2-ibm-sap packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5 and 6 for SAP. The Red Hat Security Response Team has rated this update as having moder ...
Synopsis: Critical: java-1.6.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has ...
Synopsis: Low: Red Hat Network Satellite server IBM Java Runtime security update. Type/Severity: Security Advisory: Low. Topic: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as ha ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform: CVE-2011-3389: The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3521: The CORBA implementation contains a deserialization vulnerability in the IIOP implementati ...
USN-1263-1 caused a regression when using OpenJDK 6’s SSL/TLS implementation ...
Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed ...
A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry (CVE-2011-3556). A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrest ...

Exploits

    ##
    # $Id: java_rmi_server.rb 13186 2011-07-15 20:44:08Z egypt $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # metasploit.com/framework/
    ##

    require 'msf/core'

    class ...

Github Repositories

Python 3 implementation of an existing CVE-2011-3556 proof of concept (PoC).

CVE-2011-3556 — Proof of Concept (PoC). Disclaimer: This tool is a Python 3 implementation of an existing proof of concept (PoC) made by mihi for the Metasploit Framework. Prerequisites: To use the module, simply follow the instructions below: # Clone this repository locally $ git clone github.com/sk4la/cve_2011_3556.git && cd cve_2011_3556/ # Optio