CVE-2011-3544

Name: CVE-2011-3544
Creator: NVD / NIST
Published: 2011-10-19T21:55:01.097+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10Actively ExploitedEPSS 96.71%

Last modified Jun 16, 2026

CVE-2011-3544 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.. CISA has confirmed active exploitation in the wild. EPSS estimates a 96.71% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

96.71%

99.9th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Mar 24, 2022.

Weakness Enumeration

CWE-284

Affected Software

Vendor	Product	Versions	Update
Oracle	Jdk	< 1.6.0	—
Oracle	Jdk	1.6.0	—
Oracle	Jdk	1.7.0	—
Oracle	Jre	< 1.6.0	—
Oracle	Jre	1.6.0	—
Oracle	Jre	1.7.0	—
Canonical	Ubuntu Linux	10.04	—
Canonical	Ubuntu Linux	10.10	—
Canonical	Ubuntu Linux	11.04	—
Canonical	Ubuntu Linux	11.10	—
Redhat	Satellite With Embedded Oracle	5.4	—
Suse	Linux Enterprise Java	10	Sp4
Suse	Linux Enterprise Server	10	Sp4

References

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.htmlMailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=132750579901589&w=2Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2Mailing List
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlThird Party Advisory
http://secunia.com/advisories/48308Broken Link
http://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
http://www.ibm.com/developerworks/java/jdk/alerts/Product
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1384.htmlBroken Link
http://www.securityfocus.com/bid/50218Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1026215Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1263-1Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947Broken Link
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.htmlMailing List, Third Party Advisory
http://marc.info/?l=bugtraq&m=132750579901589&w=2Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2Mailing List
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlThird Party Advisory
http://secunia.com/advisories/48308Broken Link
http://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
http://www.ibm.com/developerworks/java/jdk/alerts/Product
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1384.htmlBroken Link
http://www.securityfocus.com/bid/50218Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1026215Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1263-1Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3544US Government Resource

Timeline

Published: Oct 19, 2011
Last Modified: Jun 16, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2011-3544?

How severe is CVE-2011-3544?

CVE-2011-3544 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 96.71% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2011-3544?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-3544?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST