CVE-2011-3544
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- September 16, 2011
- Published Date
- October 19, 2011
- Last Updated
- February 10, 2025
- Vendor
- Oracle
- Product
- Java SE
- Description
- Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
- Exploited in the Wild
- Yes (2022-03-03 00:00:00 UTC) Source
cisa
metasploit_scanner
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
10.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
SSVC Information
Exploit Status
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://secunia.com/advisories/48308
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.securityfocus.com/bid/50218
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://marc.info/?l=bugtraq&m=134254957702612&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
http://www.securitytracker.com/id?1026215
http://www.ubuntu.com/usn/USN-1263-1
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://www.ibm.com/developerworks/java/jdk/alerts/
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_rhino.rb | 2025-04-29 11:01:19 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
java_rhino
Type: metasploit • Created: Unknown
Metasploit module for CVE-2011-3544
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit