Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 3, 2022.

The EPSS score is 0.92955.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Canonical Subscribe
Ubuntu Linux Subscribe
Oracle Subscribe
Jdk Subscribe
Jre Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Network Satellite Subscribe
Rhel Extras Subscribe
Satellite With Embedded Oracle Subscribe
Suse Subscribe
Linux Enterprise Java Subscribe
Linux Enterprise Server Subscribe

Configuration 1 [-]

OR cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update18:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update19:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update8:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update17_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update17_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update21_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update25_b33:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update25_b34:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update25_b35:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.4:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
Package CPE Advisory Released Date
Extras for RHEL 4
java-1.6.0-sun-1:1.6.0.29-1jpp.1.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2011:1384 2011-10-19T00:00:00Z
java-1.6.0-ibm-1:1.6.0.10.0-1jpp.2.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2012:0034 2012-01-18T00:00:00Z
Red Hat Enterprise Linux 5
java-1.6.0-openjdk-1:1.6.0.0-1.23.1.9.10.el5_7 cpe:/o:redhat:enterprise_linux:5 RHSA-2011:1380 2011-10-18T00:00:00Z
Red Hat Enterprise Linux 6
java-1.6.0-openjdk-1:1.6.0.0-1.40.1.9.10.el6_1 cpe:/o:redhat:enterprise_linux:6 RHSA-2011:1380 2011-10-18T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.6.0-sun-1:1.6.0.29-1jpp.1.el6 cpe:/a:redhat:rhel_extras:6 RHSA-2011:1384 2011-10-19T00:00:00Z
java-1.6.0-ibm-1:1.6.0.10.0-1jpp.2.el6 cpe:/a:redhat:rhel_extras:6 RHSA-2012:0034 2012-01-18T00:00:00Z
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9 cpe:/a:redhat:network_satellite:5.4::el5 RHSA-2013:1455 2013-10-23T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.29-1jpp.1.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2011:1384 2011-10-19T00:00:00Z
java-1.6.0-ibm-1:1.6.0.10.0-1jpp.2.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2012:0034 2012-01-18T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.7.0-ibm-1:1.7.0.3.0-1jpp.2.el6_3 cpe:/a:redhat:rhel_extras:6 RHSA-2012:1467 2012-11-15T00:00:00Z

No data.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-2356-1 openjdk-6 security update
Debian DSA Debian DSA DSA-2358-1 openjdk-6 security update
Ubuntu USN Ubuntu USN USN-1263-1 IcedTea-Web, OpenJDK 6 vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=132750579901589&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254866602253&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=134254957702612&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1455.html cve-icon cve-icon
http://secunia.com/advisories/48308 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201406-32.xml cve-icon cve-icon
http://www.ibm.com/developerworks/java/jdk/alerts/ cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html cve-icon cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-1384.html cve-icon cve-icon
http://www.securityfocus.com/bid/50218 cve-icon cve-icon
http://www.securitytracker.com/id?1026215 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1263-1 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2011-3544 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3544 cve-icon
https://www.cve.org/CVERecord?id=CVE-2011-3544 cve-icon
History

Wed, 22 Oct 2025 10:30:00 +0900

Type Values Removed Values Added
References

Wed, 22 Oct 2025 05:30:00 +0900

Type Values Removed Values Added
References

Wed, 22 Oct 2025 04:30:00 +0900

Type Values Removed Values Added
References

Tue, 11 Feb 2025 05:15:00 +0900

Type Values Removed Values Added
Weaknesses CWE-284
Metrics kev

{'dateAdded': '2022-03-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 14 Aug 2024 08:30:00 +0900

Type Values Removed Values Added
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2025-10-22T00:05:49.147Z

Reserved: 2011-09-16T00:00:00.000Z

Link: CVE-2011-3544

cve-icon Vulnrichment

Updated: 2024-08-06T23:37:48.020Z

cve-icon NVD

Status : Deferred

Published: 2011-10-19T21:55:01.097

Modified: 2025-10-22T01:15:41.483

Link: CVE-2011-3544

cve-icon Redhat

Severity : Critical

Publid Date: 2011-10-18T00:00:00Z

Links: CVE-2011-3544 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses