Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2013-1489
Last Modified: 05 Dec 2013 12:24:45
Published: 31 Jan 2013 09:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2013-1489

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.

Vulnerable Systems

Application

  • Oracle JDK 1.7.0
  • Oracle JRE 1.7.0

References

MISC - http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/

MISC - http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

MISC - http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150

MISC - http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/

FULLDISC - 20130127 [SE-2012-01] An issue with new Java SE 7 security features

MISC - http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53

REDHAT - RHSA-2013:0237

CERT - TA13-032A

CERT-VN - VU#858729

HP - HPSBMU02874

HP - SSRT101184

HP - SSRT101103

HP - HPSBUX02857

Related Patches

Oracle Java JRE 1.7.0_13 for Mac OS X (Update)

Oracle Java JRE 1.7.0_13 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_13 for Windows (Update) (64Bit) (All Languages) (See Notes) (Rev 2)


Last Updated: 27 May 2016 10:57:38