CVE-2011-3553
Description
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unspecified vulnerability in Oracle Java SE's JAXWS component allows remote authenticated users to access confidential information, affecting JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier.
Vulnerability
CVE-2011-3553 is an unspecified vulnerability in the Java Runtime Environment (JRE) component, specifically within JAXWS (Java API for XML Web Services) [3]. The affected versions are Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier [3]. Reference [3] rates it with a CVSS base score of 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N).
Exploitation
Exploitation requires a remote authenticated user [3]. Successful exploitation does not require any additional privileges or user interaction beyond authentication. The attack complexity is considered medium, meaning that mitigating factors or specific conditions may need to be met [3]. The exact attack vector is not detailed in the available references, but it is network-based and requires authentication.
Impact
A successful exploit allows an attacker to affect confidentiality, potentially leading to unauthorized access to confidential information [3]. The impact is limited to information disclosure (partial) and does not affect integrity or availability of the system [3]. The compromise is at the application level, potentially exposing sensitive data processed by the JAXWS component.
Mitigation
Oracle released a fix as part of the Java SE Critical Patch Update for October 2011 [3]. Users should upgrade to the latest versions of JDK/JRE 7 (update 1 or later) and JRE 6 (update 28 or later) [3]. For HP-UX systems, HP has provided fixes in HP JDK and JRE 6.0.12 or later [3]. Red Hat also issued an update as RHSA-2011:1384 [4].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:* (range: <=r28.1.4)
- cpe:2.3:a:oracle:jrockit:r28.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jrockit:r28.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jrockit:r28.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jrockit:r28.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jrockit:r28.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jrockit:r28.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:*:update_27:*:*:*:*:*:* (range: <=1.6.0)
- cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_27:*:*:*:*:*:* (range: <=1.6.0)
- Range: 7, 6 Update 27 and earlier
References
- www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html (nvd, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html (nvd)
- marc.info (nvd)
- marc.info (nvd)
- marc.info (nvd)
- osvdb.org/76512 (nvd)
- rhn.redhat.com/errata/RHSA-2013-1455.html (nvd)
- secunia.com/advisories/48308 (nvd)
- security.gentoo.org/glsa/glsa-201406-32.xml (nvd)
- www.ibm.com/developerworks/java/jdk/alerts/ (nvd)
- www.redhat.com/support/errata/RHSA-2011-1384.html (nvd)
- www.securityfocus.com/bid/50246 (nvd)
- www.securitytracker.com/id (nvd)
- www.ubuntu.com/usn/USN-1263-1 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/70840 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14311 (nvd)