CVE-2011-3571
First published: Wed Jan 18 2012(Updated: )
The AtomicReferenceArray class implementation did not properly check if the array is of an expected Object[] type. A malicious Java application or applet could use this flaw to cause Java Virtual Machine to crash or bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Virtualization | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00041.html
- http://secunia.com/advisories/50897
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://secunia.com/advisories/48073
- http://secunia.com/advisories/48074
- http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
- https://rhn.redhat.com/errata/RHSA-2012-0135.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-February/017249.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-February/017233.html
- http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/4e7a700d4ecc/patches/security/20120214/7082299.patch
- http://icedtea.classpath.org/hg/release/icedtea7-forest-2.0/jdk/rev/d063a88899f9
- https://rhn.redhat.com/errata/RHSA-2012-0139.html
- https://rhn.redhat.com/errata/RHSA-2012-0322.html
- http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3
- https://access.redhat.com/security/cve/CVE-2011-3571
- https://access.redhat.com/security/cve/CVE-2012-0507
- http://www.h-online.com/security/news/item/Critical-Java-hole-being-exploited-on-a-large-scale-Update-1485681.html
- http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/
- http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx
- https://rhn.redhat.com/errata/RHSA-2012-0508.html
- https://rhn.redhat.com/errata/RHSA-2012-0514.html
- https://rhn.redhat.com/errata/RHSA-2013-1455.html
- https://bugzilla.redhat.com/show_bug.cgi?id=788994
Frequently Asked Questions
What is the severity of CVE-2011-3571?
CVE-2011-3571 has been classified as a vulnerability that could allow a malicious application to crash the Java Virtual Machine.
How do I fix CVE-2011-3571?
To fix CVE-2011-3571, ensure that you are using the latest version of Oracle Virtualization, as updates contain fixes for this vulnerability.
What impact does CVE-2011-3571 have on Java applications?
CVE-2011-3571 can lead to application crashes and potential bypass of Java sandbox restrictions, affecting application security.
Which versions of Oracle Virtualization are affected by CVE-2011-3571?
CVE-2011-3571 affects Oracle Virtualization version 3.2.
Can CVE-2011-3571 be exploited remotely?
Yes, a malicious Java application or applet exploiting CVE-2011-3571 could be delivered and executed remotely, leading to possible application crashes.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-3571
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/oracle
- canonical/oracle virtualization
- version/oracle virtualization/3.2