CVE-2013-1489
Summary
| CVE | CVE-2013-1489 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-01-31 14:55:00 UTC |
| Updated | 2023-11-07 02:14:00 UTC |
| Description | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Chrome | - | All | All | All | |
| Application | Chrome | - | All | All | All | |
| Application | Microsoft | Internet Explorer | - | All | All | All |
| Application | Microsoft | Internet Explorer | - | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Opera | Opera Browser | - | All | All | All |
| Application | Opera | Opera Browser | - | All | All | All |
| Application | Oracle | Jdk | 1.7.0 | update10 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update11 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update10 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update11 | All | All |
| Application | Oracle | Jre | 1.7.0 | update10 | All | All |
| Application | Oracle | Jre | 1.7.0 | update11 | All | All |
| Application | Oracle | Jre | 1.7.0 | update10 | All | All |
| Application | Oracle | Jre | 1.7.0 | update11 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| www.informationweek.com/security/application-security/java-security-work-remains-bug-... | MISC | www.informationweek.com | |
| Yet another Java security flaw discovered - Number 53 | Computerworld Blogs | MISC | blogs.computerworld.com | |
| Java still unsafe, new flaws discovered - Risk - SC Magazine Australia - Secure Business Intelligence | MISC | www.scmagazine.com.au | |
| '[security bulletin] HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D' - MARC | HP | marc.info | |
| Vulnerability Note VU#858729 - Oracle Java contains multiple vulnerabilities | CERT-VN | www.kb.cert.org | US Government Resource |
| '[security bulletin] HPSBMU02874 SSRT101184 rev.1 - HP Service Manager, Java Runtime Environment (JRE' - MARC | HP | marc.info | |
| Full Disclosure: [SE-2012-01] An issue with new Java SE 7 security features | FULLDISC | seclists.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Java update 'doesn't prevent silent exploits at all' | ZDNet | MISC | www.zdnet.com | |
| Vulnerability Bypasses Oracle’s Java Applet Security Levels | MISC | thenextweb.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Java still unsafe, new flaws discovered - Risk - SC Magazine Australia - Secure Business Intelligence | www.scmagazine.com.au | ||
| Oracle Java Multiple Vulnerabilities | US-CERT | CERT | www.us-cert.gov | US Government Resource |
| Java CPU Feb 2013 | CONFIRM | www.oracle.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.