VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 19, 2011· Updated Apr 29, 2026

CVE-2011-3554

CVE-2011-3554

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unspecified vulnerability in Oracle Java SE allows remote untrusted Java Web Start applications and applets to compromise confidentiality, integrity, and availability.

Vulnerability

An unspecified vulnerability exists in the Java Runtime Environment (JRE) component of Oracle Java SE. Affected versions include JDK and JRE 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier [3][4]. The vulnerability can be triggered by remote untrusted Java Web Start applications and untrusted Java applets via unknown vectors.

Exploitation

An attacker can exploit this vulnerability by convincing a user to run a malicious Java Web Start application or applet. No authentication is required, and the attacker does not need any special network position beyond delivering the malicious code to the user's browser or application. The exact exploitation steps are not disclosed.

Impact

Successful exploitation could lead to a compromise of confidentiality, integrity, and availability. The attacker may gain the ability to read, modify, or disrupt system resources at the privilege level of the user running the Java application. The HP security bulletins describe the impact as "remote unauthorized access, disclosure of information, and other vulnerabilities" [3][4].

Mitigation

Oracle released updates to address this vulnerability. Users should upgrade to JDK/JRE 6 Update 28 or later, 5.0 Update 32 or later, or 7 Update 1 or later. For HP-UX systems, HP provided patches as part of their Java updates (e.g., HP JDK and JRE 6.0.13 or later, and 5.0.25 or later) [3][4]. No workaround is documented.

References
  1. '[security bulletin] HPSBUX02760 SSRT100805 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D'
  2. '[security bulletin] HPSBUX02730 SSRT100710 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D'

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

119
  • Sun Corporation/Jdk60 versions
    cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*+ 59 more
    • cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update28:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update29:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:*:update_27:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jdk:*:update31:*:*:*:*:*:*range: <=1.5.0
  • Sun Corporation/Jre57 versions
    cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*+ 56 more
    • cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_22:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_23:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_24:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_25:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_26:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:*:update_27:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:jre:*:update31:*:*:*:*:*:*range: <=1.5.0
  • Oracle Corporation/Java SE JDKllm-fuzzy
    Range: 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier
  • Oracle Corporation/Java SE JREllm-fuzzy
    Range: 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

19

News mentions

0

No linked articles in our index yet.