Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-3556: Oracle Jrockit vulnerability

9 documents, 7 sources

Severity: 7.5 HIGH (NVD)
EPSS: 87.1% (top 0.56%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 19, latest update May 14

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

NVD: oracle/jrockit r28.1.4 (+6)
NVD: sun/jdk 1.6.0 (+38)
NVD: sun/jre 1.6.0 (+38)

🔴 Vulnerability Details (2)

GHSA
GHSA-x97f-rpv2-wwmc: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5 (2022-05-14)
CVEList
CVE-2011-3556: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5 (2011-10-19)

💥 Exploits & PoCs (1)

Exploit-DB
Java RMI - Server Insecure Default Configuration Java Code Execution (Metasploit) (2011-07-15)

📋 Vendor Advisories (4)

Red Hat
nginx: SMTP STARTTLS plaintext injection flaw (2014-08-05)
Ubuntu
IcedTea-Web, OpenJDK 6 vulnerabilities (2011-11-16)
Red Hat
OpenJDK: RMI DGC server remote code execution (RMI, 7077466) (2011-10-18)
Red Hat
OpenJDK: RMI registry privileged code execution (RMI, 7083012) (2011-10-18)

💬 Community (1)

Bugzilla
CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) (2011-10-12)