Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2011-3544

Disclosure Date: October 19, 2011 •

CVE-2011-3544 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by gwillcox-r7
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

Java Applet Rhino Script Engine Remote Code Execution

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

Products

Metasploit Modules

Java Applet Rhino Script Engine Remote Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_rhino.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: March 07, 2022 5:56pm UTC (2 years ago)

References

Canonical

CVE-2011-3544 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544)

BID-50218 (http://www.securityfocus.com/bid/50218)

Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947

GLSA-201406-32 (http://security.gentoo.org/glsa/glsa-201406-32.xml)

HPSBMU02799 (http://marc.info?l=bugtraq&m=134254866602253&w=2)

SECUNIA-48308 (http://secunia.com/advisories/48308)

HPSBUX02730 (http://marc.info?l=bugtraq&m=132750579901589&w=2)

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://www.redhat.com/support/errata/RHSA-2011-1384.html

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

SSRT100867 (http://marc.info?l=bugtraq&m=134254957702612&w=2)

XF-oracle-jre-scripting-unspecified(70849) (https://exchange.xforce.ibmcloud.com/vulnerabilities/70849)

SECTRACK-1026215 (http://www.securitytracker.com/id?1026215)

USN-1263-1 (http://www.ubuntu.com/usn/USN-1263-1)

http://www.ibm.com/developerworks/java/jdk/alerts

Rapid7

Technical Analysis