VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 19, 2011· Updated Apr 29, 2026

CVE-2011-3551

CVE-2011-3551

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unspecified vulnerability in Oracle Java SE's 2D component allows remote attackers to compromise confidentiality, integrity, and availability.

Vulnerability

CVE-2011-3551 is an unspecified vulnerability in the Java Runtime Environment (JRE) component affecting Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier [1]. The vulnerability resides in the 2D component and can be triggered via unknown vectors [1].

Exploitation

Remote attackers can exploit this vulnerability without authentication, likely by delivering specially crafted data to a Java application [1]. The exact exploitation steps are not disclosed, but the risk is considered high [3].

Impact

Successful exploitation could lead to complete compromise of confidentiality, integrity, and availability (CIA) of the affected system [1]. The CVSS base score is 7.6 (High) per HP bulletin [3], indicating significant impact.

Mitigation

Oracle released critical patch updates in October 2011 to fix this vulnerability. Users should upgrade to JDK/JRE 7 Update 1, 6 Update 28, or later [4]. For HP-UX, HP provided patches as part of their Java updates [3]. Apply patches from vendors as soon as possible.

References
  1. '[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD'
  2. '[security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D'
  3. Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

64
  • Oracle Corporation/Jrockit8 versions
    cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*range: <=r28.1.4
    • cpe:2.3:a:oracle:jrockit:r28.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jrockit:r28.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jrockit:r28.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jrockit:r28.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jrockit:r28.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jrockit:r28.1.3:*:*:*:*:*:*:*
    • (no CPE)range: R28.1.4 and earlier
  • Sun Corporation/Jdk27 versions
    cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:*:update_27:*:*:*:*:*:*range: <=1.6.0
  • Sun Corporation/Jre27 versions
    cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:*:update_27:*:*:*:*:*:*range: <=1.6.0
  • Oracle Corporation/Java SE JDKllm-fuzzy
    Range: 7, 6 Update 27 and earlier
  • Oracle Corporation/Java SE JREllm-fuzzy
    Range: 7, 6 Update 27 and earlier

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

15

News mentions

0

No linked articles in our index yet.