cvelistv5 - cve-2011-0866

CVE-2011-0866 (GCVE-0-2011-0866)

Vulnerability from cvelistv5

Published

2011-06-14 18:00

Modified

2024-08-06 22:05

Severity ?

CWE

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
	http://www.us-cert.gov/cas/techalerts/TA11-201A.html	third-party-advisory, x_refsource_CERT
	http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14545	vdb-entry, signature, x_refsource_OVAL
	http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/44930	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html	vendor-advisory, x_refsource_SUSE
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14011	vdb-entry, signature, x_refsource_OVAL
	http://marc.info/?l=bugtraq&m=132439520301822&w=2	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=134254957702612&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=132439520301822&w=2	vendor-advisory, x_refsource_HP
	http://marc.info/?l=bugtraq&m=134254957702612&w=2	vendor-advisory, x_refsource_HP
	http://www.ibm.com/developerworks/java/jdk/alerts/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:05:54.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2011:0863",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "TA11-201A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
          },
          {
            "name": "SUSE-SA:2011:036",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html"
          },
          {
            "name": "SUSE-SA:2011:032",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14545",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14545"
          },
          {
            "name": "SUSE-SU-2011:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html"
          },
          {
            "name": "44930",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44930"
          },
          {
            "name": "SUSE-SA:2011:030",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
          },
          {
            "name": "oval:org.mitre.oval:def:14011",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14011"
          },
          {
            "name": "SSRT100591",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132439520301822\u0026w=2"
          },
          {
            "name": "SSRT100867",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
          },
          {
            "name": "SUSE-SU-2011:0807",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
          },
          {
            "name": "openSUSE-SU-2011:0633",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
          },
          {
            "name": "HPSBUX02697",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132439520301822\u0026w=2"
          },
          {
            "name": "HPSBMU02797",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-21T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "SUSE-SU-2011:0863",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "TA11-201A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
        },
        {
          "name": "SUSE-SA:2011:036",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html"
        },
        {
          "name": "SUSE-SA:2011:032",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14545",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14545"
        },
        {
          "name": "SUSE-SU-2011:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html"
        },
        {
          "name": "44930",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44930"
        },
        {
          "name": "SUSE-SA:2011:030",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
        },
        {
          "name": "oval:org.mitre.oval:def:14011",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14011"
        },
        {
          "name": "SSRT100591",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132439520301822\u0026w=2"
        },
        {
          "name": "SSRT100867",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
        },
        {
          "name": "SUSE-SU-2011:0807",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
        },
        {
          "name": "openSUSE-SU-2011:0633",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
        },
        {
          "name": "HPSBUX02697",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132439520301822\u0026w=2"
        },
        {
          "name": "HPSBMU02797",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2011-0866",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2011:0863",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "TA11-201A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
            },
            {
              "name": "SUSE-SA:2011:036",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html"
            },
            {
              "name": "SUSE-SA:2011:032",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14545",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14545"
            },
            {
              "name": "SUSE-SU-2011:0966",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html"
            },
            {
              "name": "44930",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44930"
            },
            {
              "name": "SUSE-SA:2011:030",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14011",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14011"
            },
            {
              "name": "SSRT100591",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=132439520301822\u0026w=2"
            },
            {
              "name": "SSRT100867",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
            },
            {
              "name": "SUSE-SU-2011:0807",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
            },
            {
              "name": "openSUSE-SU-2011:0633",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
            },
            {
              "name": "HPSBUX02697",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=132439520301822\u0026w=2"
            },
            {
              "name": "HPSBMU02797",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
            },
            {
              "name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2011-0866",
    "datePublished": "2011-06-14T18:00:00",
    "dateReserved": "2011-02-04T00:00:00",
    "dateUpdated": "2024-08-06T22:05:54.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-0866

Vulnerability from jvndb

Published

2011-06-10 16:23

Modified

2013-03-26 15:14

Severity ?

() - -

Summary

Java Web Start may insecurely load dynamic libraries

Details

Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment) Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Hisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.

References

►

Type

URL

	JVN	http://jvn.jp/en/jp/JVN18680611/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0866
	IPA SECURITY ALERTS	http://www.ipa.go.jp/security/english/vuln/201106_javaweb_en.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

►

Vendor

Product

	Hewlett-Packard Development Company,L.P	HP Systems Insight Manager
	Sun Microsystems, Inc.	JDK
	Sun Microsystems, Inc.	JRE
	Sun Microsystems, Inc.	SDK

Show details on JVN DB website