CVE-2011-3544

CRITICAL KEV

Java Applet Rhino Script Engine Remote Code Execution

Title source: metasploit

Exploitation Summary

CVE-2011-3544 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022. EIP tracks 2 public exploits from researchers including Metasploit, Michael Schierl, juan vazquez, including a Metasploit module exploits/multi/browser/java_rhino.

AI-analyzed exploit summary This Metasploit module exploits CVE-2011-3544, a vulnerability in the Rhino Script Engine in Java, allowing arbitrary code execution outside the sandbox via a malicious Java applet. It serves an exploit JAR file and HTML page to trigger the vulnerability on vulnerable Java versions (7 or 6u27 and earlier).

Description

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/18171

View Code ZIP pw:eip

This Metasploit module exploits CVE-2011-3544, a vulnerability in the Rhino Script Engine in Java, allowing arbitrary code execution outside the sandbox via a malicious Java applet. It serves an exploit JAR file and HTML page to trigger the vulnerability on vulnerable Java versions (7 or 6u27 and earlier).

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Java (JRE 7, 6u27 and earlier)

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · Vulnerable Java version installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Michael Schierl, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_rhino.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2011-3544, a vulnerability in the Rhino Script Engine, allowing arbitrary Java code execution outside the sandbox via a malicious Java applet. It targets multiple platforms (Windows, OSX, Linux) and delivers a payload through an HTTP server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Java Runtime Environment (JRE) 7 and 6 Update 27 and earlier

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · Java applet support in the browser · Vulnerable JRE version installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16

Core References

Product x_refsource_confirm

http://www.ibm.com/developerworks/java/jdk/alerts/

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3544

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201406-32.xml

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=134254866602253&w=2

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48308

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=132750579901589&w=2

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1455.html

Broken Link vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-1384.html

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/50218

Patch, Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=134254957702612&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/70849

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1026215

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1263-1

Scores

CVSS v3 9.8

EPSS 0.9259

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2022-03-03

VulnCheck KEV 2012-01-14

InTheWild.io 2022-03-03

ENISA EUVD EUVD-2011-3507

CWE

CWE-284

Status published

Products (8)

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 10.10

canonical/ubuntu_linux 11.04

canonical/ubuntu_linux 11.10

oracle/jdk 1.6.0 (20 CPE variants)

oracle/jdk 1.7.0 (19 CPE variants)

oracle/jdk < 1.6.0

oracle/jre 1.6.0 (6 CPE variants)

Published Oct 19, 2011

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026