[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-1489Date: (C)2013-01-31   (M)2024-04-30


Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://seclists.org/fulldisclosure/2013/Jan/241
HPSBMU02874
HPSBUX02857
RHSA-2013:0237
TA13-032A
VU#858729
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/
http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.scmagazine.com.au/News/330453%2Cjava-still-unsafe-new-flaws-discovered.aspx
http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/
oval:org.mitre.oval:def:15906
oval:org.mitre.oval:def:19171

CPE    1
cpe:/a:mozilla:firefox
OVAL    2
oval:org.secpod.oval:def:9125
oval:org.secpod.oval:def:505594

© SecPod Technologies