VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 19, 2011· Updated Apr 29, 2026

CVE-2011-3550

CVE-2011-3550

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unspecified vulnerability in Oracle Java AWT component allows remote untrusted applets and Web Start applications to compromise confidentiality, integrity, and availability.

Vulnerability

An unspecified vulnerability exists in the AWT component of Oracle Java SE JDK and JRE. Affected versions include Java SE 7 and Java SE 6 Update 27 and earlier [2][3]. The issue can be triggered by remote untrusted Java Web Start applications and untrusted Java applets.

Exploitation

An attacker can host a malicious Java Web Start application or applet and convince a user to run it (e.g., via a web page). No authentication is required; the attacker only needs to deliver the untrusted code to the target system. The exact exploitation steps are not publicly detailed due to the unspecified nature of the vulnerability.

Impact

Successful exploitation allows an attacker to affect confidentiality, integrity, and availability of the affected system. This could lead to arbitrary code execution with the privileges of the user running the Java application, potentially resulting in full system compromise.

Mitigation

Oracle released fixes as part of the October 2011 Critical Patch Update. For Java SE 7, update to version 7 Update 1 or later; for Java SE 6, update to version 6 Update 28 or later. Red Hat Enterprise Linux users can obtain the fix via RHSA-2011-1384 [4]. HP has also released updates for HP-UX and HP Network Node Manager i products [2][3]. No workaround is available; applying the patch is the recommended mitigation.

References
  1. '[security bulletin] HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JD'
  2. '[security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D'
  3. Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

56
  • Sun Corporation/Jdk27 versions
    cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:*:update_27:*:*:*:*:*:*range: <=1.6.0
  • Sun Corporation/Jre27 versions
    cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:*:update_27:*:*:*:*:*:*range: <=1.6.0
  • Oracle Corporation/Java JREllm-create
    Range: 7, 6 Update 27 and earlier
  • Sun Corporation/Java Sellm-fuzzy
    Range: 7, 6 Update 27 and earlier

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

13

News mentions

0

No linked articles in our index yet.