Vulnerability Details : CVE-2013-1489
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Exploit prediction scoring system (EPSS) score for CVE-2013-1489
Probability of exploitation activity in the next 30 days: 2.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-1489
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2013-1489
-
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
Java CPU Feb 2013Vendor Advisory
-
http://marc.info/?l=bugtraq&m=136439120408139&w=2
'[security bulletin] HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D' - MARC
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15906
Repository / Oval Repository
-
http://seclists.org/fulldisclosure/2013/Jan/241
Full Disclosure: [SE-2012-01] An issue with new Java SE 7 security features
-
http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150
InformationWeek, serving the information needs of the Business Technology Community
-
http://www.kb.cert.org/vuls/id/858729
VU#858729 - Oracle Java contains multiple vulnerabilitiesUS Government Resource
-
http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/
Java update 'doesn't prevent silent exploits at all' | ZDNet
-
http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/
Vulnerability Bypasses Oracle’s Java Applet Security Levels
-
http://marc.info/?l=bugtraq&m=136733161405818&w=2
'[security bulletin] HPSBMU02874 SSRT101184 rev.1 - HP Service Manager, Java Runtime Environment (JRE' - MARC
-
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
Oracle Java Multiple Vulnerabilities | CISAUS Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19171
Repository / Oval Repository
-
http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx
Java still unsafe, new flaws discovered - Security - iTnews
-
http://rhn.redhat.com/errata/RHSA-2013-0237.html
RHSA-2013:0237 - Security Advisory - Red Hat Customer Portal
-
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
Page not found
Products affected by CVE-2013-1489
- cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:windows:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:windows:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:windows:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:windows:*:*