CVE-2013-1489

EPSS 15.26%
Published 31.01.2013 14:55:01
Last modified 11.04.2025 00:51:21
Source secalert_us@oracle.com
Teams watchlist Login
Open Login

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Jdk Version1.7.0 Updateupdate10 SwPlatformwindows

   Google ≫ Chrome Version-
   Microsoft ≫ Internet Explorer Version-
   Mozilla ≫ Firefox
   Opera ≫ Opera Browser Version-

Oracle ≫ Jdk Version1.7.0 Updateupdate11 SwPlatformwindows

   Google ≫ Chrome Version-
   Microsoft ≫ Internet Explorer Version-
   Mozilla ≫ Firefox
   Opera ≫ Opera Browser Version-

Oracle ≫ Jre Version1.7.0 Updateupdate10 SwPlatformwindows

   Google ≫ Chrome Version-
   Microsoft ≫ Internet Explorer Version-
   Mozilla ≫ Firefox
   Opera ≫ Opera Browser Version-

Oracle ≫ Jre Version1.7.0 Updateupdate11 SwPlatformwindows

   Google ≫ Chrome Version-
   Microsoft ≫ Internet Explorer Version-
   Mozilla ≫ Firefox
   Opera ≫ Opera Browser Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	15.26%	0.944

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136733161405818&w=2

http://rhn.redhat.com/errata/RHSA-2013-0237.html

http://www.kb.cert.org/vuls/id/858729

US Government Resource

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA13-032A.html

US Government Resource

http://seclists.org/fulldisclosure/2013/Jan/241

http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/

http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150

http://www.scmagazine.com.au/News/330453%2Cjava-still-unsafe-new-flaws-discovered.aspx

http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15906

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19171

https://nvd.nist.gov/vuln/detail/CVE-2013-1489

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1489

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1489

EUVD