Lucene search

[email protected]CVE-2011-0311

HistorySep 02, 2011 - 11:55 p.m.

CVE-2011-0311

2011-09-0223:55:01

CWE-119

[email protected]

web.nvd.nist.gov

ibm

java

technology

denial of service

vulnerability

cve-2011-0311

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.

Affected configurations

NVD

Node

ibmjavaRange≤1.4.2.13.8

ibmjavaMatch1.4.2

ibmjavaMatch1.4.2.13

ibmjavaMatch1.4.2.13.1

ibmjavaMatch1.4.2.13.2

ibmjavaMatch1.4.2.13.3

ibmjavaMatch1.4.2.13.4

ibmjavaMatch1.4.2.13.5

ibmjavaMatch1.4.2.13.6

ibmjavaMatch1.4.2.13.7

ibmruntimes_for_java_technologyRange≤5.0.12.4

ibmruntimes_for_java_technologyRange≤6.0.9.0

ibmruntimes_for_java_technologyMatch5.0.0

ibmruntimes_for_java_technologyMatch5.0.11.0

ibmruntimes_for_java_technologyMatch5.0.11.1

ibmruntimes_for_java_technologyMatch5.0.11.2

ibmruntimes_for_java_technologyMatch5.0.12.0

ibmruntimes_for_java_technologyMatch5.0.12.1

ibmruntimes_for_java_technologyMatch5.0.12.2

ibmruntimes_for_java_technologyMatch5.0.12.3

ibmruntimes_for_java_technologyMatch6.0.0

ibmruntimes_for_java_technologyMatch6.0.1.0

ibmruntimes_for_java_technologyMatch6.0.2.0

ibmruntimes_for_java_technologyMatch6.0.3.0

ibmruntimes_for_java_technologyMatch6.0.4.0

ibmruntimes_for_java_technologyMatch6.0.5.0

ibmruntimes_for_java_technologyMatch6.0.6.0

ibmruntimes_for_java_technologyMatch6.0.7.0

ibmruntimes_for_java_technologyMatch6.0.8.0

ibmruntimes_for_java_technologyMatch6.0.8.1

CPENameOperatorVersion
ibm:javaibm javale1.4.2.13.8
ibm:javaibm javaeq1.4.2
ibm:javaibm javaeq1.4.2.13
ibm:javaibm javaeq1.4.2.13.1
ibm:javaibm javaeq1.4.2.13.2
ibm:javaibm javaeq1.4.2.13.3
ibm:javaibm javaeq1.4.2.13.4
ibm:javaibm javaeq1.4.2.13.5
ibm:javaibm javaeq1.4.2.13.6
ibm:javaibm javaeq1.4.2.13.7

CPE	Name	Operator	Version
ibm:java	ibm java	le	1.4.2.13.8
ibm:java	ibm java	eq	1.4.2
ibm:java	ibm java	eq	1.4.2.13
ibm:java	ibm java	eq	1.4.2.13.1
ibm:java	ibm java	eq	1.4.2.13.2
ibm:java	ibm java	eq	1.4.2.13.3
ibm:java	ibm java	eq	1.4.2.13.4
ibm:java	ibm java	eq	1.4.2.13.5
ibm:java	ibm java	eq	1.4.2.13.6
ibm:java	ibm java	eq	1.4.2.13.7