[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-0311

Date: (C)2011-09-02   (M)2017-08-18
 
CVSS Score: 3.5Access Vector: NETWORK
Exploitability Subscore: 6.8Access Complexity: MEDIUM
Impact Subscore: 2.9Authentication: SINGLE_INSTANCE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.

Reference:
IZ89602
IZ89620
PM42551
RHSA-2011:1159
RHSA-2011:1265
SUSE-SA:2011:024
SUSE-SU-2011:0823
ibm-rjt-classfile-dos(65189)

CPE    10
cpe:/a:ibm:java:1.4.2.13.7
cpe:/a:ibm:java:1.4.2.13.8
cpe:/a:ibm:java:1.4.2.13.5
cpe:/a:ibm:java:1.4.2.13.6
...
CWE    1
CWE-119

© 2013 SecPod Technologies