Search for vulnerabilities
| Vulnerability ID | VCID-c2zx-s8vs-fbgp |
| Aliases |
CVE-2011-3556
|
| Summary | Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 0.8 |
| Risk | 1.6 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.87065 | https://api.first.org/data/v1/epss?cve=CVE-2011-3556 |
| epss | 0.87065 | https://api.first.org/data/v1/epss?cve=CVE-2011-3556 |
| epss | 0.87065 | https://api.first.org/data/v1/epss?cve=CVE-2011-3556 |
| epss | 0.87065 | https://api.first.org/data/v1/epss?cve=CVE-2011-3556 |
| epss | 0.87065 | https://api.first.org/data/v1/epss?cve=CVE-2011-3556 |
| epss | 0.87065 | https://api.first.org/data/v1/epss?cve=CVE-2011-3556 |
| epss | 0.87065 | https://api.first.org/data/v1/epss?cve=CVE-2011-3556 |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3556.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2011-3556 | ||
| 745459 | https://bugzilla.redhat.com/show_bug.cgi?id=745459 | |
| CVE-2011-3556 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17535.rb |
| GLSA-201111-02 | https://security.gentoo.org/glsa/201111-02 | |
| GLSA-201406-32 | https://security.gentoo.org/glsa/201406-32 | |
| RHSA-2011:1380 | https://access.redhat.com/errata/RHSA-2011:1380 | |
| RHSA-2011:1384 | https://access.redhat.com/errata/RHSA-2011:1384 | |
| RHSA-2011:1478 | https://access.redhat.com/errata/RHSA-2011:1478 | |
| RHSA-2012:0006 | https://access.redhat.com/errata/RHSA-2012:0006 | |
| RHSA-2012:0034 | https://access.redhat.com/errata/RHSA-2012:0034 | |
| RHSA-2012:0343 | https://access.redhat.com/errata/RHSA-2012:0343 | |
| RHSA-2013:1455 | https://access.redhat.com/errata/RHSA-2013:1455 | |
| USN-1263-1 | https://usn.ubuntu.com/1263-1/ |
| Data source | Exploit-DB |
|---|---|
| Date added | July 16, 2011 |
| Description | Java RMI - Server Insecure Default Configuration Java Code Execution (Metasploit) |
| Ransomware campaign use | Known |
| Source publication date | July 15, 2011 |
| Exploit type | remote |
| Platform | multiple |
| Source update date | June 5, 2017 |
| Data source | Metasploit |
|---|---|
| Description | This module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication. |
| Note | Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects |
| Ransomware campaign use | Unknown |
| Source publication date | Oct. 15, 2011 |
| Platform | Java,Linux,OSX,Windows |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/misc/java_rmi_server.rb |
| Percentile | 0.99436 |
| EPSS Score | 0.87065 |
| Published At | April 1, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T13:01:36.564596+00:00 | Gentoo Importer | Import | https://security.gentoo.org/glsa/201111-02 | 38.0.0 |