Fluid Attacks Database

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	java-1.4.2-ibm-sap	-	-
rpm rhel5	java-1.6.0-openjdk	<1:1.6.0.0-1.23.1.9.10.el5_7	1:1.6.0.0-1.23.1.9.10.el5_7
rpm rhel6	java-1.6.0-openjdk	<1:1.6.0.0-1.40.1.9.10.el6_1	1:1.6.0.0-1.40.1.9.10.el6_1

Aliases

1. CVE-2011-35562. NVD-2011-35563. OSV-2011-3556

References

1. https://www.exploit-db.com/exploits/175352. https://github.com/sk4la/cve_2011_35563. https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/java_rmi_server.rb

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.