[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108530

 
 

909

 
 

85343

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2011-0311Date: (C)2011-09-02   (M)2018-02-19


The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 3.5
Exploit Score: Exploit Score: 6.8
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: SINGLE_INSTANCE
User Interaction: Confidentiality: NONE
Scope: Integrity: NONE
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
IZ89602
IZ89620
PM42551
RHSA-2011:1159
RHSA-2011:1265
SUSE-SA:2011:024
SUSE-SU-2011:0823
ibm-rjt-classfile-dos(65189)

CPE    10
cpe:/a:ibm:java:1.4.2.13.7
cpe:/a:ibm:java:1.4.2.13.8
cpe:/a:ibm:java:1.4.2.13.5
cpe:/a:ibm:java:1.4.2.13.6
...
CWE    1
CWE-119

© SecPod Technologies