Java CPU October 2011 Java Runtime Environment Deserialization vulnerability (CVE-2011-3521)

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: October 19, 2011
Added: October 19, 2011
Modified: January 09, 2014

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.

Solution

  • Oracle JRE >= 1.5.0.0 and < 1.5.0.32

    Upgrade to Oracle Java version 1.5.0.32

    Upgrade your copy of the Java Runtime Environment to 1.5.0.32, which can be downloaded from here. Note that this version requires Oracle Java SE Support; otherwise, it is recommended to upgrade to the latest public JRE.

  • Oracle JRE >= 1.6.0.0 and < 1.6.0.28

    Upgrade to Oracle Java version 1.6.0.28

    Upgrade your copy of the Java Runtime Environment to 1.6.0.28, which can be downloaded from here.

  • Oracle JRE >= 1.7.0.0 and < 1.7.0.1

    Upgrade to Oracle Java version 1.7.0.1

    Upgrade your copy of the Java Runtime Environment to 1.7.0.1, which can be downloaded from here.
