Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.
Published 2011-10-19 21:55:02
Updated 2018-01-06 02:29:21
Source Oracle

Threat overview for CVE-2011-3556

Top open port discovered on systems with this issue: 80
IPs affected by CVE-2011-3556: 719
Threat actors abusing this issue? Yes

Exploit prediction scoring system (EPSS) score for CVE-2011-3556

EPSS score: 45.91% (probability of exploitation activity in the next 30 days)
Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2011-3556

  • Java RMI Server Insecure Endpoint Code Execution Scanner
    Disclosure Date: 2011-10-15
    First seen: 2020-04-26
    auxiliary/scanner/misc/java_rmi_server
    Detect Java RMI endpoints
    Authors: mihi, hdm <x@hdm.io>
  • Java RMI Server Insecure Default Configuration Java Code Execution
    Disclosure Date: 2011-10-15
    First seen: 2020-04-26
    exploit/multi/misc/java_rmi_server
    This module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoi

CVSS scores for CVE-2011-3556

Base Score: 7.5
Base Severity: HIGH
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability Score: 10.0
Impact Score: 6.4
Score Source: NIST
